Dankcorn

Everything posted by Dankcorn

  1. Updated Malwarebytes (good) and ran scan. Here's the log:

     Malwarebytes' Anti-Malware 1.40
     Database version: 2702
     Windows 5.1.2600 Service Pack 3

     8/26/2009 11:42:37 PM
     mbam-log-2009-08-26 (23-42-37).txt

     Scan type: Full Scan (C:\|)
     Objects scanned: 214425
     Time elapsed: 1 hour(s), 5 minute(s), 43 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 1
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 6

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\ddnsfilter (Trojan.DNSChanger) -> Quarantined and deleted successfully.

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\Qoobox\Quarantine\C\Program Files\DDnsFilter\DDnsFilter.dll.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
     C:\Qoobox\Quarantine\C\WINDOWS\SYSTEM32\DRIVERS\DnsFilter.sys.vir (Worm.KoobFace) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1296\A0164907.exe (Worm.Koobface) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1298\A0169087.dll (Worm.KoobFace) -> Quarantined and deleted successfully.
     C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1298\A0169088.sys (Worm.KoobFace) -> Quarantined and deleted successfully.
     C:\WINDOWS\0535251103110107106.yux (KoobFace.Trace) -> Quarantined and deleted successfully.
  2. Also, here is the HJT log.
  3. I ran Combofix as directed and here is the log. One thing that is better: I can now access malwarebytes.org. What's the next step for cleaning, if any? Thank you, David
@="c:\\WINDOWS\\system32\\OLE32.DLL" "2582ae41fb52324423be06337561aa48"=hex:3e,1e,9e,e0,57,5a,93,61,16,c6,70,67,bc, 8c,86,a7,86,8c,21,01,be,91,eb,e7,ba,33,a5,03,1a,41,48,16,86,8c,21,01,be,91,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "caaeda5fd7a9ed7697d9686d4b818472"=hex:e9,02,6c,fa,fb,1d,47,57,b0,29,51,55,a7, c2,24,37,f5,1d,4d,73,a8,13,5c,05,1d,83,69,e8,ac,fb,66,38,f5,1d,4d,73,a8,13,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:b0,18,ed,a7,3f,8d,37,a4,46,3b,eb,27,a7, 2a,6b,19,df,20,58,62,78,6b,cf,c8,4e,9e,52,48,ec,c0,a7,1c,df,20,58,62,78,6b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,c5,79,a0,5b,a1, 56,94,d4,fb,a7,78,e6,12,2f,9a,ea,e2,c6,0d,83,3a,45,f8,77,fb,a7,78,e6,12,2f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1d68fe701cdea33e477eb204b76f993d"=hex:01,3a,48,fc,e8,04,4a,f1,e4,d0,8c,bd,c5, e1,c6,48,01,3a,48,fc,e8,04,4a,f1,82,29,83,2f,7d,40,7b,d2,01,3a,48,fc,e8,04,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "1fac81b91d8e3c5aa4b0a51804d844a3"=hex:f6,0f,4e,58,98,5b,89,c9,66,2d,5c,1f,f7, f8,99,6b,f6,0f,4e,58,98,5b,89,c9,25,df,65,00,2e,63,32,b1,f6,0f,4e,58,98,5b,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" 
"f5f62a6129303efb32fbe080bb27835b"=hex:b1,cd,45,5a,a8,c4,f8,b9,99,95,39,44,af, f8,7d,22,3d,ce,ea,26,2d,45,aa,78,37,32,9f,41,5c,1f,78,77,3d,ce,ea,26,2d,45,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,e7,a0,7c,a2,b2, 0a,0f,b1,2a,b7,cc,b5,b9,7f,41,e7,8b,2c,6d,d9,31,77,a6,50,2a,b7,cc,b5,b9,7f,\ [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*] "ThreadingModel"="Apartment" @="c:\\WINDOWS\\system32\\OLE32.DLL" "8a8aec57dd6508a385616fbc86791ec2"=hex:fa,ea,66,7f,d4,3b,6b,70,b4,df,43,1b,6a, 9c,92,7a,6c,43,2d,1e,aa,22,2f,9c,92,e1,1e,0f,d6,06,73,36,6c,43,2d,1e,aa,22,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(1264) c:\windows\system32\avldr.dll - - - - - - - > 'explorer.exe'(3216) c:\windows\system32\WININET.dll c:\program files\Panda Security\Panda Internet Security 2010\pavoepl.dll c:\windows\system32\wpdshext.dll c:\windows\system32\PortableDeviceApi.dll c:\windows\system32\Audiodev.dll c:\windows\system32\WMVCore.DLL c:\windows\system32\WMASF.DLL c:\windows\system32\ieframe.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Panda Security\Panda Internet Security 2010\TPSrv.exe c:\program files\Panda Security\Panda Internet Security 2010\WebProxy.exe c:\program files\Intel\Intel Application Accelerator\IAANTmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Panda Security\Panda Internet Security 2010\PsCtrlS.exe c:\program files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe c:\program files\Panda Security\Panda Internet Security 2010\FIREWALL\PSHost.exe c:\program files\Panda Security\Panda Internet Security 2010\PsImSvc.exe c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe c:\program files\Panda Security\Panda Internet Security 2010\PAVSRV51.EXE c:\program files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE c:\progra~1\MI3AA1~1\rapimgr.exe c:\program files\HP\Digital Imaging\bin\hpqnrs08.exe c:\program files\HP\Digital Imaging\bin\hpqste08.exe c:\program files\Panda Security\Panda Internet Security 2010\SrvLoad.exe c:\program files\Panda Security\Panda Internet Security 2010\PavBckPT.exe . ************************************************************************** . Completion time: 2009-08-27 22:16 - machine was rebooted ComboFix-quarantined-files.txt 2009-08-27 05:15 Pre-Run: 104,555,188,224 bytes free Post-Run: 105,068,408,832 bytes free WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect 497 --- E O F --- 2009-08-13 23:04
  4. Like many others I am fighting a Freddy58/koobface worm that blocks access to Malwarebytes, F-secure, and many others. As a result, I cannot update Mbytes past the database 2551. I have uninstalled, rebooted, run the cleaner, rebooted, and downloaded a clean version and installed. It runs fine, but will not update and returns a 732 error. Any suggestions?

HJThis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:45:37 AM, on 8/25/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2010\WebProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\sySTEM32\SvchoSt.ExE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.google.com/mail/#
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 9\SnagitBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKLM\..\Run: [iSTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [userFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [DymoQuickPrint] "C:\Program Files\DYMO\DYMO Label Software\DymoQuickPrint.exe" /startup
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: www.arthritis.org
O15 - Trusted Zone: *.intuit.com
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.costcophotocenter.com/CostcoActivia.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/..._2/axofupld.cab
O16 - DPF: {6F750203-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://targetphoto.kodakgallery.com/downlo..._2/axofupld.cab
O16 - DPF: {7FE26BE2-B923-4B41-9834-E84DA1CC1F96} (Maid Control) - http://vsp.closetmaid.com/vsp/cmaidctl_vsp..._downloader.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {EE884C7D-21A0-49EA-B6F2-61ACF4E226F6} (Microsoft Office Live Workspace Upload Tool) - http://workspace.office.live.com/Misc/Micr....RichUpload.cab
O18 - Protocol: intu-help-qb1 - {9B0F96C7-2E4B-433E-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2007\HelpAsyncPluggableProtocol.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate1ca0507d9b898c) (gupdate1ca0507d9b898c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10657 bytes