Dankcorn - Member - Posts: 4 - Reputation: 0 (Neutral)
Can't get MBytes to update to current version
Dankcorn replied to Dankcorn's topic in Resolved Malware Removal Logs
Updated Malwarebytes (good) and ran a scan. Here's the log:

Malwarebytes' Anti-Malware 1.40
Database version: 2702
Windows 5.1.2600 Service Pack 3

8/26/2009 11:42:37 PM
mbam-log-2009-08-26 (23-42-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 214425
Time elapsed: 1 hour(s), 5 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DnsFilter.sys.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1296\A0164907.exe (Worm.Koobface) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1298\A0169087.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1298\A0169088.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
Can't get MBytes to update to current version
Dankcorn replied to Dankcorn's topic in Resolved Malware Removal Logs
Also, here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:11 PM, on 8/26/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\Iface.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.arthritis.org
O15 - Trusted Zone: *.intuit.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downlo..._2/axofupld.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca0507d9b898c) (gupdate1ca0507d9b898c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10132 bytes
Can't get MBytes to update to current version
Dankcorn replied to Dankcorn's topic in Resolved Malware Removal Logs
I ran ComboFix as directed and here is the log. One thing that is better: I can now access malwarebytes.org. What's the next step for cleaning, if any? Thank you, David

ComboFix 09-08-26.05 - Dr Jan 08/26/2009 21:53.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.139 [GMT -7:00]
Running from: c:\documents and settings\Dr Jan\ComboFix.exe
AV: Panda Internet Security 2010 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2010 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\DDnsFilter
c:\program files\DDnsFilter\DDnsFilter.dll
c:\windows\010112010146101105.xe
c:\windows\0101120101464857.xe
c:\windows\0101120101464950.xe
c:\windows\0101120101465653.xe
c:\windows\Installer\579aa3e.msp c:\windows\Installer\579aa59.msp c:\windows\Installer\579aa6d.msp c:\windows\Installer\579aa81.msp c:\windows\Installer\5b009fb.msp c:\windows\Installer\8c7893.msp c:\windows\Installer\8c7894.msp c:\windows\Installer\a872d0.msp c:\windows\Installer\a872ee.msp c:\windows\Installer\c1093ba.msp c:\windows\Installer\d18302.msp c:\windows\Installer\d18306.msp c:\windows\Installer\d18307.msp c:\windows\Installer\eb6f.msp c:\windows\Installer\eb96.msp c:\windows\Installer\ec59.msp c:\windows\system32\drivers\DnsFilter.sys . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Service_SfX -------\Legacy_ddnsfilter -------\Legacy_DnsFilter -------\Service_ddnsfilter -------\Service_DnsFilter ((((((((((((((((((((((((( Files Created from 2009-07-27 to 2009-08-27 ))))))))))))))))))))))))))))))) . 2009-08-27 04:42 . 2009-08-27 03:49 3185678 ----a-r- c:\documents and settings\Dr Jan\ComboFix.exe 2009-08-25 08:44 . 2009-08-25 08:44 -------- d-----w- c:\program files\Trend Micro 2009-08-24 18:30 . 2009-08-27 04:46 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys 2009-08-24 17:01 . 2009-08-24 17:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda Security 2009-08-23 06:17 . 2009-08-23 06:17 -------- d-----w- c:\documents and settings\Dr Jan\Local Settings\Application Data\Panda Security 2009-08-23 06:14 . 2009-08-23 06:14 262 ----a-w- c:\windows\system32\PavCPL.dat 2009-08-23 06:14 . 2009-08-25 22:25 231240 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT 2009-08-23 06:14 . 2008-06-18 23:06 46720 ----a-w- c:\windows\system32\drivers\wnmflt.sys 2009-08-23 06:14 . 2008-06-18 23:06 193792 ----a-w- c:\windows\system32\drivers\idsflt.sys 2009-08-23 06:14 . 2008-06-18 23:06 52992 ----a-w- c:\windows\system32\drivers\dsaflt.sys 2009-08-23 06:14 . 2008-07-11 21:58 158848 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS 2009-08-23 06:14 . 
2008-06-25 22:42 73728 ----a-w- c:\windows\system32\drivers\APPFLT.SYS 2009-08-23 06:14 . 2008-03-28 18:25 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys 2009-08-23 06:14 . 2009-08-23 06:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup 2009-08-23 06:13 . 2003-10-23 01:23 446464 ----a-w- c:\windows\system32\HHActiveX.dll 2009-08-23 06:13 . 2009-03-31 01:23 193792 ----a-w- c:\windows\system32\TpUtil.dll 2009-08-23 06:13 . 2009-03-31 01:22 87296 ----a-w- c:\windows\system32\PavLspHook.dll 2009-08-23 06:13 . 2007-02-08 17:53 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL 2009-08-23 06:13 . 2009-03-31 01:22 518400 ----a-w- c:\windows\system32\PavSHook.dll 2009-08-23 06:13 . 2009-03-31 01:22 55552 ----a-w- c:\windows\system32\pavipc.dll 2009-08-23 06:13 . 2008-06-26 18:25 197888 ----a-w- c:\windows\system32\drivers\neti1634.sys 2009-08-23 06:13 . 2009-08-23 06:13 -------- d-----w- c:\windows\system32\PAV 2009-08-23 06:13 . 2008-04-29 00:35 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys 2009-08-23 06:13 . 2008-03-18 23:58 58672 ----a-w- c:\windows\system32\avldr.dll 2009-08-23 06:13 . 2009-08-23 06:13 -------- d-----w- c:\documents and settings\Dr Jan\Application Data\Panda Security 2009-08-23 06:13 . 2009-08-23 06:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security 2009-08-23 06:05 . 2008-06-20 00:24 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys 2009-08-23 06:03 . 2008-03-04 22:59 41144 ----a-w- c:\windows\system32\drivers\ShlDrv51.sys 2009-08-23 06:03 . 2009-08-23 06:03 -------- d-----w- c:\program files\Common Files\Panda Security 2009-08-23 06:03 . 2009-06-02 20:12 177416 ----a-w- c:\windows\system32\drivers\PavProc.sys 2009-08-23 05:54 . 2009-08-23 05:51 87216408 ----a-w- c:\documents and settings\Dr Jan\IS10promo.exe 2009-08-23 03:58 . 2009-08-23 03:23 175888 ----a-w- C:\activescan2_en.exe 2009-08-20 05:04 . 
2009-08-20 05:04 1 ---h--w- c:\windows\ex23567.dat 2009-08-12 23:18 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll 2009-08-09 05:33 . 2009-08-23 12:35 187784 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2009-08-09 05:30 . 2009-08-09 05:30 -------- d-----w- c:\documents and settings\Dr Jan\Local Settings\Application Data\Sanford,_L.P 2009-08-09 05:14 . 2009-08-09 05:15 -------- d-----w- c:\documents and settings\Dr Jan\Local Settings\Application Data\DYMO 2009-08-09 05:12 . 2009-08-09 05:12 -------- d-----w- c:\program files\DYMO 2009-08-09 05:12 . 2009-08-09 05:12 -------- d-----w- c:\documents and settings\All Users\Application Data\DYMO 2009-08-09 05:09 . 2009-05-20 19:06 9216 ----a-w- c:\windows\system32\LW400MON.DLL 2009-08-09 05:09 . 2009-08-09 05:09 -------- d-----w- c:\program files\DYMO LabelWriter Drivers 2009-08-05 09:01 . 2009-08-05 09:01 204800 ------w- c:\windows\system32\dllcache\mswebdvd.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-08-27 05:10 . 2009-08-23 06:14 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck 2009-08-27 05:10 . 2009-08-23 06:14 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG 2009-08-27 04:51 . 2007-04-18 16:36 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2009-08-25 22:25 . 2009-08-23 06:14 231240 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck 2009-08-25 08:04 . 2009-08-25 06:08 -------- d-----w- c:\program files\Spyware Doctor 2009-08-25 07:46 . 2009-08-25 02:31 -------- d-----w- c:\documents and settings\Dr Jan\Application Data\Malwarebytes 2009-08-25 07:46 . 2009-08-25 07:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-07-28 06:44 . 2008-12-18 20:12 11522 ----a-w- c:\documents and settings\All Users\Application Data\Intuit\QuickBooks 2008\qbbackup.sys 2009-07-25 05:49 . 
2009-07-25 01:10 -------- d-----w- c:\program files\Radica 2009-07-18 04:15 . 2009-07-18 04:15 -------- d-----w- c:\documents and settings\Dr Jan\Application Data\Smith Micro 2009-07-18 03:39 . 2007-10-03 20:50 -------- d-----w- c:\program files\Samsung 2009-07-18 03:37 . 2009-07-18 03:39 9256 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2009-07-18 03:37 . 2009-07-18 03:39 9256 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2009-07-18 03:37 . 2009-07-18 03:39 86824 ----a-w- c:\windows\system32\drivers\sscdserd.sys 2009-07-18 03:37 . 2009-07-18 03:39 106792 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2009-07-18 03:37 . 2009-07-18 03:39 9256 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2009-07-18 03:37 . 2009-07-18 03:39 9256 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2009-07-18 03:37 . 2009-07-18 03:39 80552 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2009-07-18 03:37 . 2009-07-18 03:39 11944 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2009-07-17 19:01 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\atl.dll 2009-07-15 04:45 . 2006-06-26 20:34 -------- d-----w- c:\program files\Google 2009-07-14 06:43 . 2004-08-04 10:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll 2009-06-29 16:12 . 2004-08-04 10:00 827392 ----a-w- c:\windows\system32\wininet.dll 2009-06-29 16:12 . 2004-08-04 10:00 78336 ----a-w- c:\windows\system32\ieencode.dll 2009-06-29 16:12 . 2004-08-04 10:00 17408 ----a-w- c:\windows\system32\corpol.dll 2009-06-16 14:36 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll 2009-06-16 14:36 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll 2009-06-12 12:31 . 2004-08-04 10:00 76288 ----a-w- c:\windows\system32\telnet.exe 2009-06-10 16:19 . 2004-08-04 10:00 2066432 ----a-w- c:\windows\system32\mstscax.dll 2009-06-10 14:13 . 2004-08-04 10:00 84992 ----a-w- c:\windows\system32\avifil32.dll 2009-06-10 06:14 . 2004-08-04 10:00 132096 ----a-w- c:\windows\system32\wkssvc.dll 2009-06-03 19:09 . 
2004-08-04 10:00 1291264 ----a-w- c:\windows\system32\quartz.dll 2008-05-16 23:40 . 2008-05-16 23:40 14290 ----a-w- c:\program files\settings.dat 2007-11-09 18:33 . 2007-11-01 16:34 80 --sh--r- c:\windows\SYSTEM32\D7D2344DD3.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "DymoQuickPrint"="c:\program files\DYMO\DYMO Label Software\DymoQuickPrint.exe" [2009-06-24 1882360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" [2009-06-05 574720] "SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2010\Inicio.exe" [2009-04-21 56064] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr] 2008-03-18 23:58 58672 ----a-w- c:\windows\SYSTEM32\avldr.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice] @="" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice] @="" [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All 
Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk backup=c:\windows\pss\QuickBooks Update Agent.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "WZCSVC"=2 (0x2) "NtmsSvc"=3 (0x3) "gusvc"=2 (0x2) "Fax"=2 (0x2) "hkmsvc"=3 (0x3) "Ati HotKey Poller"=2 (0x2) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "WeatherCast"="c:\program files\WeatherCast\Weather.exe" /q "WhenUSave"="c:\program files\Save\Save.exe" "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"=c:\program files\Java\j2re1.4.2_03\bin\jusched.exe "IntelMeM"=c:\program files\Intel\Modem Event Monitor\IntelMEM.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program 
Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Pando Networks\\Pando\\pando.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"= "c:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "1723:TCP"= 1723:TCP:*:Disabled:@xpsp2res.dll,-22015 "1701:UDP"= 1701:UDP:*:Disabled:@xpsp2res.dll,-22016 "500:UDP"= 500:UDP:@xpsp2res.dll,-22017 "56117:TCP"= 56117:TCP:Pando P2P TCP Listening Port "56117:UDP"= 56117:UDP:Pando P2P UDP Listening Port "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "8085:TCP"= 8085:TCP:*:Disabled:ddnsfilter R0 pavboot;Panda boot driver;c:\windows\SYSTEM32\DRIVERS\pavboot.sys [8/22/2009 11:05 PM 28544] R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [8/24/2009 11:08 PM 130936] R1 APPFLT;App Filter Plugin;c:\windows\SYSTEM32\DRIVERS\APPFLT.SYS [8/22/2009 11:14 PM 73728] R1 DSAFLT;DSA Filter Plugin;c:\windows\SYSTEM32\DRIVERS\dsaflt.sys [8/22/2009 11:14 PM 52992] R1 FNETMON;NetMon 
Filter Plugin;c:\windows\SYSTEM32\DRIVERS\fnetmon.sys [8/22/2009 11:14 PM 22072] R1 IDSFLT;Ids Filter Plugin;c:\windows\SYSTEM32\DRIVERS\idsflt.sys [8/22/2009 11:14 PM 193792] R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\SYSTEM32\DRIVERS\NETFLTDI.SYS [8/22/2009 11:14 PM 158848] R1 ShldDrv;Panda File Shield Driver;c:\windows\SYSTEM32\DRIVERS\ShlDrv51.sys [8/22/2009 11:03 PM 41144] R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\SYSTEM32\DRIVERS\wnmflt.sys [8/22/2009 11:14 PM 46720] R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?] R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088] R2 PavProc;Panda Process Protection Driver;c:\windows\SYSTEM32\DRIVERS\PavProc.sys [8/22/2009 11:03 PM 177416] R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2010\psksvc.exe [8/22/2009 11:14 PM 28928] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [3/18/2009 8:55 AM 24652] R3 ComFiltr;Panda Anti-Dialer;c:\windows\SYSTEM32\DRIVERS\COMFiltr.sys [8/24/2009 11:30 AM 13880] R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\SYSTEM32\DRIVERS\neti1634.sys [8/22/2009 11:13 PM 197888] R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?] S2 gupdate1ca0507d9b898c;Google Update Service (gupdate1ca0507d9b898c);c:\program files\Google\Update\GoogleUpdate.exe [7/14/2009 9:45 PM 133104] S2 PhoneTreeUSB;PhoneTree USB Driver (phontree.sys);c:\windows\system32\Drivers\phontrnt.sys --> c:\windows\system32\Drivers\phontrnt.sys [?] S2 PTHardLoader;PhoneTree USB Loader Driver (pthloadr.sys);c:\windows\system32\Drivers\pthldrnt.sys --> c:\windows\system32\Drivers\pthldrnt.sys [?] 
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\RkPavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?] S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/24/2009 11:08 PM 348752] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 ddnsfilter REG_MULTI_SZ ddnsfilter panda REG_MULTI_SZ Gwmsrv . Contents of the 'Scheduled Tasks' folder 2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 04:44] 2009-08-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-15 04:44] 2009-08-25 c:\windows\Tasks\Nightly_Director.job - c:\windows\system32\ntbackup.exe [2001-08-18 05:36] 2009-08-15 c:\windows\Tasks\WEEKLY BACK UP JEN.job - c:\windows\system32\ntbackup.exe [2001-08-18 05:36] . - - - - ORPHANS REMOVED - - - - WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file) . ------- Supplementary Scan ------- . 
uStart Page = hxxp://mail.google.com/mail/#
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: arthritis.org\www
Trusted Zone: intuit.com
Trusted Zone: plaxo.com\www
DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} - hxxp://workspace.office.live.com/Misc/Microsoft.OfficeLive.Workspace.RichUpload.cab
FF - ProfilePath - c:\documents and settings\Dr Jan\Application Data\Mozilla\Firefox\Profiles\wof5s0wb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mail.google.com/mail/?shva=1#inbox|about:blank
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper(2).dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper(3).dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper(4).dll
FF - plugin: c:\program files\Panda Security\ActiveScan 2.0\npwrapper(5).dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.
.
------- File Associations -------
.
JSEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\PANDAS~1\PANDAI~1\PAVSCRIP.EXE "%1" %*
.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-26 22:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3293194026-3219253928-3113169159-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:2e,e8,e1,00,eb,16,2b,de,aa,5b,b1,6f,33,
   34,b7,18,e2,63,26,f1,3f,c8,ff,68,41,78,54,6b,cb,25,73,5e,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,21,63,7f,ee,fb,
   43,c6,c7,6a,9c,d6,61,af,45,84,18,38,bb,d5,45,c2,68,70,5c,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:ff,7c,85,e0,43,d4,0e,fe,f1,b4,10,e2,ea,
   c7,5f,9e,ff,7c,85,e0,43,d4,0e,fe,e7,38,ef,42,95,63,97,c3,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,16,c6,70,67,bc,
   8c,86,a7,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,b0,29,51,55,a7,
   c2,24,37,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,46,3b,eb,27,a7,
   2a,6b,19,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c5,79,a0,5b,a1,
   56,94,d4,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e4,d0,8c,bd,c5,
   e1,c6,48,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,66,2d,5c,1f,f7,
   f8,99,6b,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,99,95,39,44,af,
   f8,7d,22,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e7,a0,7c,a2,b2,
   0a,0f,b1,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="c:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b4,df,43,1b,6a,
   9c,92,7a,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1264)
c:\windows\system32\avldr.dll

- - - - - - - > 'explorer.exe'(3216)
c:\windows\system32\WININET.dll
c:\program files\Panda Security\Panda Internet Security 2010\pavoepl.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Internet Security 2010\TPSrv.exe
c:\program files\Panda Security\Panda Internet Security 2010\WebProxy.exe
c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe
c:\program files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe
c:\program files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe
c:\program files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Panda Security\Panda Internet Security 2010\PAVSRV51.EXE
c:\program files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
c:\program files\Panda Security\Panda Internet Security 2010\SrvLoad.exe
c:\program files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
.
**************************************************************************
.
Completion time: 2009-08-27 22:16 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-27 05:15

Pre-Run: 104,555,188,224 bytes free
Post-Run: 105,068,408,832 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

497 --- E O F --- 2009-08-13 23:04
Like many others I am fighting a Freddy58/koobface worm that blocks access to Malwarebytes, F-Secure, and many others. As a result, I cannot update Mbytes past the database 2551. I have uninstalled, rebooted, run the cleaner, rebooted, and downloaded a clean version and installed. It runs fine, but will not update and returns a 732 error. Any suggestions?

HJThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:37 AM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.arthritis.org
O15 - Trusted Zone: *.intuit.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downlo..._2/axofupld.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca0507d9b898c) (gupdate1ca0507d9b898c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10657 bytes