Everything posted by esperanzaDeus

  1. Hello again Tigger, Your "here is to reality-check advice" about how and what stuff to use is most welcome. To be sure, as I keep on repeating, not knowing prompts me "to ask" questions, get feedback and "become more educated". For example, your sound advice of reaching out to the PC Help Forum is much welcome advice. To be sure, I commit to starting a new thread in this forum (rather than going at it blindly alone) in the event I encounter new/additional malware problems. Gracias (Thanx) Tigger!!! esperanzaDeus
  2. Hello Tigger, I just finished running a whole-computer scan of my laptop using Panda Global Protection and "Neither viruses nor other malicious malware have been detected". So I guess my laptop is pure now. Lastly, before you take the step of closing off this thread, would you please let me know if you recommend running a diagnostic tool such as HJT and/or ComboFix periodically and having someone help me decipher such logs so as to maximize my laptop's performance. As I stated earlier, I know the bare-bones basics of computers, and once my trial license for Panda's Total Global Protection expires I plan to update MBAM to real-time protection. Yet, I would like to know what other steps I may take to make sure that no unnecessary stuff gets filed away on my system. So, please give me your input on an app, or a few apps, that may help me keep my computer clean and "free" of unnecessary "temp" files and stuff like cookies. What about stuff like CCleaner? Lately I also read of some "rootkit" check-up apps, such as RootkitRevealer hosted by Microsoft. What do you think? Please do respond to this question on CCleaner and RootkitRevealer. All in all, I understand all of your guidance and patience have paid off bountifully to my benefit. THANK YOU indeed. Chirho!!! esperanzaDeus
  3. Good morning Tigger, I asked to come in to work a bit later to catch up with you. Per your recommendations, I went ahead and looked for the Qoobox and ComboFix files in the C drive. Somehow, I was only able to find the Qoobox file and deleted it. On the other hand, I searched for any "combofix" files (using Explore, Search and Run) but nothing came up. So I am a bit at odds :0(. I trust ComboFix is gone completely. On a more comprehensive update: way, way late last night, because of how long it took, I went ahead and "went back to the basics" of running scans with more than one antivirus application to confirm the "purity" of a system. So, I went to Kaspersky and ran the Kaspersky Online Scan on my computer. Kaspersky found nothing. OK. Just this morning I opted to run the very first malware scan app that identified part of the problem I started with, this app being SysClean by Trend Micro Systems. I did not uninstall the version that detected the virus when I first picked them up before the end of the year, and although there are newer releases of SysClean I am not sure how to uninstall it completely and download a newer release, and also I don't have much time right now, and I wanted to give you an update really badly. So I ran the release of SysClean that I have in my C drive and something a bit odd came up while the scan was performing. I noticed that there were several lines where SysClean reported something of an <Error 94> when scanning some .dat and some .ddt? files. I think the pathnames referenced included something like "chat message, user..." under NT. However, the only "chatting" I have done is posting messages to this forum. All in all, Trend Micro did not find any viruses either. Here is the SysClean log file for this morning's scan:

/--------------------------------------------------------------\
|                  Trend Micro System Cleaner                  |
|            Copyright 2006-2007, Trend Micro, Inc.            |
|                   http://www.antivirus.com                   |
\--------------------------------------------------------------/
2009-01-22, 07:47:31, Auto-clean mode specified.
2009-01-22, 07:47:32, Initialized Rootkit Driver version 2.2.0.1004.
2009-01-22, 07:47:32, Running scanner "C:\SysFolder\TSC.BIN"...
2009-01-22, 07:48:13, Scanner "C:\SysFolder\TSC.BIN" has finished running.
2009-01-22, 07:48:13, TSC Log:
  4. Hello Tigger, Per my most recent message to you, here are the latest logs for MBAM and HJT:

1. MBAM log

Malwarebytes' Anti-Malware 1.33
Database version: 1673
Windows 5.1.2600 Service Pack 3

1/20/2009 11:12:27 PM
mbam-log-2009-01-20 (23-12-27).txt

Scan type: Full Scan (C:\|)
Objects scanned: 99533
Time elapsed: 35 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

2. HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:21, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\IFACE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 10505 bytes

Again, THANK YOU in advance for your continued help. esperanzaDeus
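The HJT log in the post above is the kind of thing the helper reads by hand, line by line. As an added example (not part of the thread, not HijackThis code, and not the helper's procedure), here is a small parser that splits HJT lines into their section code and binary path and flags the entries a helper looks at first: binaries outside Windows and Program Files, binaries in user-writable folders, services with no vendor name, hosts-file entries, and the O20/O21/O22 load points. The directory lists and the section table are this example's own heuristics, not HJT rules. The sample lines mix entries copied from the posted log with constructed ones, marked as such, so that each check fires once.

```python
"""Parse HijackThis (HJT) log entries and flag the ones worth a second look.

Added example for this thread: not HijackThis code and not the helper's own
procedure. Line formats follow the log posted above; sample lines mix entries
copied from that log with constructed ones (marked) so every check fires.
The directory lists, the section table and the "Unknown owner" rule are this
example's heuristics, not HJT rules.
"""
import re
from dataclasses import dataclass, field
from typing import Iterable, List, Optional, Union

# Every HJT entry is "<section> - <body>", e.g. O4 (Run keys), O23 (services).
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.+)$")
# First Windows path ending in an executable-type extension, quoted or not.
PATH_RE = re.compile(r'(?i)"?([a-z]:\\[^"\r\n]*?\.(?:exe|dll|cpl|sys|scr|com|bat|pif))"?')

# Where legitimate autostart binaries normally live on an XP box (assumption).
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")
# User-writable locations that droppers favour (assumption).
USER_WRITABLE = ("\\documents and settings\\", "\\temp\\", "\\application data\\")
# Load points abused by malware far more often than by legitimate software.
HIGH_INTEREST = {
    "O20": "AppInit_DLLs / Winlogon Notify",
    "O21": "ShellServiceObjectDelayLoad",
    "O22": "SharedTaskScheduler",
}


@dataclass
class HjtEntry:
    section: str
    body: str
    path: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[HjtEntry]:
    """Return an HjtEntry for an 'Oxx - ...' / 'Rx - ...' line, else None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None  # header, 'Running processes:' block, blank lines, etc.
    body = m.group("body")
    p = PATH_RE.search(body)
    return HjtEntry(m.group("section"), body, p.group(1) if p else None)


def parse_log(log: Union[str, Iterable[str]]) -> List[HjtEntry]:
    lines = log.splitlines() if isinstance(log, str) else log
    return [e for e in map(parse_line, lines) if e is not None]


def triage(entry: HjtEntry) -> List[str]:
    """Heuristic flags for one entry; an empty list means 'nothing odd'."""
    flags: List[str] = []
    if entry.section == "O1":
        flags.append("hosts-file redirect")
    if entry.section in HIGH_INTEREST:
        flags.append(f"{entry.section} load point ({HIGH_INTEREST[entry.section]})")
    # HJT prints 'Unknown owner' when a service binary carries no company name.
    if entry.section == "O23" and "Unknown owner" in entry.body:
        flags.append("service with no vendor name")
    if entry.path:
        p = entry.path.lower()
        if any(s in p for s in USER_WRITABLE):
            flags.append("binary in user-writable location")
        elif not p.startswith(TRUSTED_PREFIXES):
            flags.append("binary outside Windows/Program Files")
    return flags


def triage_log(log: Union[str, Iterable[str]]) -> List[HjtEntry]:
    """Parse a log and return only the entries that picked up at least one flag."""
    flagged = []
    for entry in parse_log(log):
        entry.flags = triage(entry)
        if entry.flags:
            flagged.append(entry)
    return flagged


SAMPLE_LINES = [
    # Copied from the HijackThis log posted above; all benign on that machine.
    r"R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/",
    r"O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll",
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r'O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime',
    r"O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe",
    # Constructed lines (not from the thread) that exercise each check once.
    r"O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\Tony\Local Settings\Temp\winupdate.exe",
    r"O23 - Service: Update Helper (updhlp) - Unknown owner - C:\updhlp\updhlp.exe",
    r"O1 - Hosts: 127.0.0.1 update.example.net",
]

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LINES):
        print(f"{e.section:<4} {', '.join(e.flags)}\n     {e.body}")
```

Run against the full log above, the parser flags nothing: every O4, O9 and O23 path sits under Windows or Program Files and every service names its vendor, which is the same conclusion the helper reached. A flag is a reason to look, not a verdict; the Kodak and HP updaters in that log are legitimate but would be flagged on a machine where they had been installed into the user profile.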
  5. Hello Tigger, As part of giving you an update on any further problems or on any "lingering malware", I went ahead and ran a SCAN of my computer using Panda Global Protection. I went ahead and ran the SCAN just after my computer booted up. There was an update and I went ahead and updated the virus and threat definitions from Panda. So, I let the SCAN run while I had dinner. OK. So, I checked on my computer to see how the Panda SCAN was doing, and lo and behold the SCAN found a virus, something called Trj/CI.A. Here is the information on that:

Panda Global Protection 2009 incident report
Filter selected: Virus detected, Suspicious file, Dangerous file, Script execution, Phone connection, Connection attempt, Port scan attack, Denial of service attack, Spoofing, Attacking IP address blocked, Enabled, Disabled, Update, Scan started, Scan complete, Date: All
INCIDENT                  NOTIFIED BY               DATE-TIME        RESULT   ADDITIONAL INFORMATION
----------------
Virus detected: Trj/CI.A  On-demand antivirus scan  1/20/2009 20:46  Deleted  Path: C:\Documents and Settings\Tony\Desktop\ComboFix.exe

Once the Panda SCAN ended I attempted to follow through your instructions to remove ComboFix. However, when I checked the screen and tried Start > Run > combofix /u, the icon for ComboFix was gone and a message window comes up saying "Windows cannot find 'combofix'...." My guess is that Panda removed the ComboFix.exe file when it detected the virus Trj/CI.A somehow attached to ComboFix. OK. I have some concerns. I am not sure if this applies to what happened to me, but I understand that in some cases when something gets deleted, please note that I am not saying "uninstalled", some files that the application or file may have used and produced are left behind. So, my first concern is what if Panda, in deleting the ComboFix.exe file, DID NOT uninstall all of the temporary files that ComboFix may have created and filed in my system, somehow leaving those files behind in my hard drive. So, how can I "uninstall" any such ComboFix-related files that may have been left behind the moment Panda deleted the ComboFix.exe file? In other words, what do I do now? FYI, using EXPLORE I ran into a FOLDER in the C drive that goes by the name of Qoobox. The folder appears to have stuff related to ComboFix. For example, in that folder there are two additional folders called BankEnv and Quarantine, a ComboFix-Quarantined-files.txt file, the CFScript I may have used last night from your post yesterday, and two files called Snapshot... All in all, is the Qoobox folder something that I need to delete as well, now manually? Overall, my computer is running better with no more "Bad Image" message popping up at startup or when opening up apps. My goal now is to please get your input on what I may do to check that the Trj/CI.A is completely gone and will not come back. Also, can you help me by rechecking new MBAM and HJT logs? I will post the logs when the MBAM scan is over in a bit. Lastly, do I need to redownload ComboFix from the links you gave me earlier and run a new ComboFix scan? Again, your continued help and investment in my computer virus/trojan-related issues is very much appreciated. Thanks, esperanzaDeus
  6. Hello Tigger, I am just leaving work, around 7:00 p.m. PST. I will remove ComboFix when I get home in a couple of hours, and will give you an update on how things are running. Again, it may just take me a bit to reply to you b/c I have a few errands to run. esperanzaDeus
  7. Hello Tigger, I ran the procedure that you instructed me to do, dragging the CFScript.txt file into ComboFix. As you stated, ComboFix was started and it produced a log file. However, once the log file popped up on the screen, my computer seemed to go 'blank' as none of the Desktop ICONS appeared on the screen, only the screensaver. I allowed about 5 minutes after the ComboFix log report appeared on the screen but nothing seemed to happen, and the computer DID NOT reboot on its own as it did yesterday, when I ran the first instance of ComboFix on my computer, per your instructions. Please note that I DID NOT TOUCH any of the keys or the mouse/touchpad. Because nothing seemed to be happening, I turned off the laptop by pressing down on the "POWER" button and unplugged it for about 2-3 minutes. Then I rebooted the computer manually. Once the computer rebooted, and the Desktop icons had repopulated the computer screen, I did a bit of looking for the ComboFix log file using EXPLORE; the ComboFix log file is that which was produced per the CFScript.txt file. I posted that log below. Now, here is a big question for you. Would you please take a look at the ComboFix log file and tell me if everything went well? As I said above, the computer seemed to "freeze" and I am afraid that the ComboFix scan did not go well. On the other hand, the fact that the ComboFix log was produced may very possibly mean that tonight's ComboFix scan, per your codebox command entries, went well. Please let me know what you think.
*****Here is the ComboFix log***** ComboFix 09-01-18.01 - Tony 2009-01-20 0:27:43.2 - NTFSx86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.135 [GMT -8:00] Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tony\Desktop\CFScript.txt AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated) FW: Panda Personal Firewall 2009 *disabled* * Created a new restore point WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !! FILE :: c:\windows\system32\dllcache\rpcss.dll c:\windows\system32\gatosisu.dll c:\windows\system32\jelihepe.dll c:\windows\system32\majegafu.dll c:\windows\system32\togupiji c:\windows\system32\tuforihu.dll c:\windows\Tasks\seqjujpc.job . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\dllcache\rpcss.dll c:\windows\system32\gatosisu.dll c:\windows\system32\jelihepe.dll c:\windows\system32\majegafu.dll c:\windows\system32\togupiji c:\windows\system32\tuforihu.dll c:\windows\Tasks\seqjujpc.job . ((((((((((((((((((((((((( Files Created from 2008-12-20 to 2009-01-20 ))))))))))))))))))))))))))))))) . 2009-01-13 23:36 . 2009-01-13 23:36 <DIR> d-------- c:\program files\Trend Micro 2009-01-12 00:10 . 2009-01-17 22:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware 2009-01-12 00:10 . 2009-01-12 00:10 <DIR> d-------- c:\documents and settings\Tony\Application Data\Malwarebytes 2009-01-12 00:10 . 2009-01-12 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes 2009-01-12 00:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys 2009-01-12 00:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys 2008-12-28 03:30 . 2008-12-28 18:22 <DIR> d-------- C:\SysFolder 2008-12-28 02:29 . 2009-01-19 23:35 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys 2008-12-28 00:31 . 
2008-12-28 00:31 <DIR> d-------- c:\documents and settings\Administrator 2008-12-27 22:26 . 2009-01-18 16:12 8,627 --a------ c:\windows\system32\PAV_FOG.OPC 2008-12-27 22:07 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys 2008-12-27 22:07 . 2008-12-27 22:07 261 --a------ c:\windows\system32\PavCPL.dat 2008-12-27 22:06 . 2009-01-18 15:15 242,408 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck 2008-12-27 22:06 . 2009-01-18 15:15 242,408 --a------ c:\windows\system32\drivers\APPFCONT.DAT 2008-12-27 22:06 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys 2008-12-27 22:06 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys 2008-12-27 22:06 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys 2008-12-27 22:06 . 2009-01-20 00:21 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck 2008-12-27 22:06 . 2009-01-20 00:21 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG 2008-12-27 22:05 . 2008-12-27 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup 2008-12-27 22:05 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS 2008-12-27 22:05 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS 2008-12-27 22:05 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys 2008-12-27 22:04 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl 2008-12-27 22:03 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll 2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\windows\system32\PAV 2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\program files\Panda Security 2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\documents and settings\Tony\Application Data\Panda Security 2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security 2008-12-27 22:02 . 
2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll 2008-12-27 22:02 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys 2008-12-27 22:02 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll 2008-12-27 22:02 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL 2008-12-27 22:02 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll 2008-12-27 22:02 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll 2008-12-27 22:02 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll 2008-12-27 21:59 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys 2008-12-27 21:57 . 2008-12-27 21:57 <DIR> d-------- c:\program files\Common Files\Panda Security 2008-12-27 21:57 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys 2008-12-27 21:57 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys 2008-12-27 21:38 . 2008-12-27 21:38 <DIR> d-------- C:\kav 2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy) 2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy) 2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy) 2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy) . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 
2009-01-20 08:31 --------- d-----w c:\documents and settings\Tony\Application Data\Skype 2009-01-20 07:37 --------- d-----w c:\documents and settings\Tony\Application Data\skypePM 2008-12-28 06:02 --------- d--h--w c:\program files\InstallShield Installation Information 2008-12-28 03:17 --------- d-----w c:\program files\Spybot - Search & Destroy 2008-12-28 03:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2008-12-27 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8 2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys 2008-11-23 20:46 --------- d-----w c:\documents and settings\Tony\Application Data\U3 2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll 2008-10-03 06:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100220081003\index.dat . ((((((((((((((((((((((((((((( snapshot@2009-01-18_17.20.50.62 ))))))))))))))))))))))))))))))))))))))))) . - 2008-09-08 10:41:42 333,824 -c----w c:\windows\system32\dllcache\srv.sys + 2008-12-11 10:57:09 333,952 -c----w c:\windows\system32\dllcache\srv.sys + 2009-01-10 01:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe + 2009-01-20 07:41:35 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_a84.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952] "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168] "HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152] "HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152] "HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328] "SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784] "Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958] "eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720] "UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592] "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576] "APVXDWIN"="c:\program files\Panda Security\Panda Global 
Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\setup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-12-27 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 22:05:15 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [2008-12-27 28928]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [2008-07-04 457856]

--- Other Services/Drivers In Memory ---

*Deregistered* - ComFiltr

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-28 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-07-03 17:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.csusm.edu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\ltty772m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Creative Commons
FF - prefs.js: browser.startup.homepage - hxxp://www.csusm.edu/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-20 00:31:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?7?2?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\avldr.dll
.
Completion time: 2009-01-20 0:34:30
ComboFix-quarantined-files.txt 2009-01-20 08:33:34
ComboFix2.txt 2009-01-19 01:23:09

Pre-Run: 48,752,283,648 bytes free
Post-Run: 48,747,999,232 bytes free

214 --- E O F --- 2009-01-19 08:18:21

*****Here is the HJT log file*****

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03, on 1/20/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 10433 bytes

Sorry it took me a bit to read your post and to proceed with your instructions. As I said, it was a bit of a long day at work.

Thanks a million!!!

esperanzaDeus
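As an added illustration for the logs in this thread (example code written for this page, not part of ComboFix, HijackThis, Panda or anything the participants posted), the Python below runs the kind of first-pass heuristics a helper applies when reading a ComboFix or HijackThis log: eight-letter lower-case file names dropped in system32, the hidden+system attribute on freshly created files, `EnableFirewall` set to 0 in the standard profile, a BITS download pointed at a bare IP address, a scheduled task whose target is rundll32.exe itself, and an AutoRun command registered for a removable drive. The rule set, the allowlist and the sample log (constructed from lines modelled on this thread's ComboFix output, not a verbatim copy of any post) are all assumptions of the example, not rules published by either tool.

```python
"""Triage heuristics for ComboFix / HijackThis style logs.

Added example for this thread; it is not code from ComboFix, HijackThis,
Panda or any poster here. Every pattern is an assumption of this example
(a plausible 2009-era rule of thumb), not something either tool publishes,
and the allowlist is illustrative.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str
    line: str


# Legitimate Windows components that happen to match the eight-letter rule.
# Illustrative only; a real allowlist is built per machine from known-good hashes.
ALLOWLIST = {"schannel.dll", "browseui.dll", "rasadhlp.dll"}

# (rule name, pattern, capture group reported as the detail). Paths match
# case-insensitively, but the eight-letter name check is case-sensitive on
# purpose: the dropped files in this thread all carry lower-case names.
RULES = [
    ("random-name-in-system32",
     re.compile(r"(?i:c:\\windows\\system32\\)([a-z]{8}(?:\.(?:dll|ini))?)(?=\s|$)"), 1),
    ("hidden-system-attribute",          # ComboFix attribute column such as ---hs----
     re.compile(r"\s-+hs-+\s+(\S+)$", re.I), 1),
    ("windows-firewall-off",
     re.compile(r'"EnableFirewall"\s*=\s*(0)\b'), 1),
    ("update-notifications-off",
     re.compile(r'"UpdatesDisableNotify"\s*=\s*dword:(0*1)$', re.I), 1),
    ("url-to-bare-ip",                   # ComboFix defangs URLs as hxxp://
     re.compile(r"\bhxxps?://(\d{1,3}(?:\.\d{1,3}){3})", re.I), 1),
    ("scheduled-task-runs-rundll32",
     re.compile(r"\\Tasks\\([^\\]+\.job)\s*-\s*c:\\windows\\system32\\rundll32\.exe", re.I), 1),
    ("autorun-on-removable-drive",
     re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(\S+)", re.I), 1),
]


def _logical_lines(text: str) -> List[str]:
    """Strip blanks and re-join ComboFix task entries, whose target sits on a '- ' continuation line."""
    out: List[str] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("- ") and out and out[-1].endswith(".job"):
            out[-1] = out[-1] + " " + line
        else:
            out.append(line)
    return out


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per (line, rule) hit, in log order."""
    findings: List[Finding] = []
    for line in _logical_lines(log_text):
        for name, pattern, group in RULES:
            match = pattern.search(line)
            if not match:
                continue
            detail = match.group(group)
            if name == "random-name-in-system32" and detail.lower() in ALLOWLIST:
                continue
            findings.append(Finding(name, detail, line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Hit count per rule, a first glance at a long log."""
    return dict(Counter(f.rule for f in findings))


def flagged_files(findings: List[Finding]) -> List[str]:
    """Sorted names of the randomly named files: the list to look up or quarantine."""
    return sorted({f.detail for f in findings if f.rule == "random-name-in-system32"})


# Constructed sample, modelled on the ComboFix logs in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\bijonebe.dll
c:\windows\system32\amunojez.ini
.
----- BITS: Possible infected sites -----
hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.
2009-01-07 10:03 . 2009-01-07 10:03 2,713 ---hs---- c:\windows\system32\tuforihu.dll
2009-01-02 21:37 . 2009-01-02 21:37 2,713 ---hs---- c:\windows\system32\togupiji
2008-12-27 22:02 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-20 09:00 . 2008-04-14 00:12 144,384 --a------ c:\windows\system32\schannel.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder
2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-01-19 c:\windows\Tasks\seqjujpc.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]
"""

if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.rule:30} {hit.detail}")
    print(summarize(hits))
    print("look up:", flagged_files(hits))
```

Run it on a saved log with `triage(open(path).read())`; `summarize` gives counts per rule and `flagged_files` the names to look up. The name rule will produce false positives (hence the allowlist), so treat each hit as something to inspect, not as proof of infection.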
  8. Hello again Tigger,

It was a long day at work and I have just turned on my computer to check my e-mails and continue looking into getting my laptop into top shape. I will try your next recommendation and will post the logs in a bit.

esperanzaDeus
  9. Hello Tigger,

Disabling Panda allowed me to download "ComboFix", install it and run it. Here is the log; it's a bit lengthy. (Note: Could you please tell me what each section of the log means? I just want to become more informed, :0). Also, one thing that worried me a bit when reading the log is the WARNING. Just by chance I came across another user's problems (yes, I like to learn a bit more every now and then) and there was some talk about installing a "Recovery Console". Is that something recommended for anyone, in the event of an infection? Lastly, how is it possible that I may have the "Recovery Console" installed, just to be more prepared for another incident and be more assured not to be caught off guard in the event of a more challenging circumstance?)

ComboFix 09-01-18.01 - Tony 2009-01-18 17:07:21.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.478.143 [GMT -8:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated)
FW: Panda Personal Firewall 2009 *disabled*
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
c:\documents and settings\Tony\Application Data\install.dat
c:\documents and settings\Tony\Local Settings\Temporary Internet Files\fbk.sts
c:\windows\IE4 Error Log.txt
c:\windows\system32\amunojez.ini
c:\windows\system32\awujasek.ini
c:\windows\system32\biaybxkv.ini
c:\windows\system32\bijonebe.dll
c:\windows\system32\cadmqqjd.dll
c:\windows\system32\efelagiv.ini
c:\windows\system32\fdpbjuyf.ini
c:\windows\system32\gilareku.dll
c:\windows\system32\gizivami.dll
c:\windows\system32\ifihiyin.ini
c:\windows\system32\iturifan.ini
c:\windows\system32\labufibi.dll
c:\windows\system32\ledohefi.dll
c:\windows\system32\nomepume.dll
c:\windows\system32\novojona.dll
c:\windows\system32\obvampdq.dll
c:\windows\system32\oftphsec.dll
c:\windows\system32\ppfekcmk.dll
c:\windows\system32\uvoperow.ini
c:\windows\system32\vojonoku.dll
c:\windows\system32\zidepego.dll
c:\windows\wiaserviv.log

----- BITS: Possible infected sites -----

hxxp://77.74.48.105
.
((((((((((((((((((((((((( Files Created from 2008-12-19 to 2009-01-19 )))))))))))))))))))))))))))))))
.
2009-01-17 05:35 . 2009-01-17 05:35 399,360 --a------ c:\windows\system32\dllcache\rpcss.dll
2009-01-13 23:36 . 2009-01-13 23:36 <DIR> d-------- c:\program files\Trend Micro
2009-01-12 00:10 . 2009-01-17 22:14 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-12 00:10 . 2009-01-12 00:10 <DIR> d-------- c:\documents and settings\Tony\Application Data\Malwarebytes
2009-01-12 00:10 . 2009-01-12 00:10 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-12 00:10 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-12 00:10 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-07 10:03 . 2009-01-07 10:03 2,713 ---hs---- c:\windows\system32\tuforihu.dll
2009-01-06 22:02 . 2009-01-06 22:02 2,713 ---hs---- c:\windows\system32\majegafu.dll
2009-01-02 21:37 . 2009-01-02 21:37 2,713 ---hs---- c:\windows\system32\togupiji
2009-01-02 09:39 . 2009-01-02 09:39 2,713 ---hs---- c:\windows\system32\jelihepe.dll
2008-12-31 11:05 . 2008-12-31 11:05 2,713 ---hs---- c:\windows\system32\gatosisu.dll
2008-12-28 03:30 . 2008-12-28 18:22 <DIR> d-------- C:\SysFolder
2008-12-28 02:29 . 2009-01-18 15:15 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys
2008-12-28 00:31 . 2008-12-28 00:31 <DIR> d-------- c:\documents and settings\Administrator
2008-12-27 22:26 . 2009-01-18 16:12 8,627 --a------ c:\windows\system32\PAV_FOG.OPC
2008-12-27 22:07 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys
2008-12-27 22:07 . 2008-12-27 22:07 261 --a------ c:\windows\system32\PavCPL.dat
2008-12-27 22:06 . 2009-01-18 15:15 242,408 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck
2008-12-27 22:06 . 2009-01-18 15:15 242,408 --a------ c:\windows\system32\drivers\APPFCONT.DAT
2008-12-27 22:06 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys
2008-12-27 22:06 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys
2008-12-27 22:06 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys
2008-12-27 22:06 . 2009-01-18 17:14 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck
2008-12-27 22:06 . 2009-01-18 17:14 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG
2008-12-27 22:05 . 2008-12-27 22:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Backup
2008-12-27 22:05 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS
2008-12-27 22:05 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS
2008-12-27 22:05 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys
2008-12-27 22:04 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl
2008-12-27 22:03 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll
2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\windows\system32\PAV
2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\program files\Panda Security
2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\documents and settings\Tony\Application Data\Panda Security
2008-12-27 22:02 . 2008-12-27 22:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security
2008-12-27 22:02 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll
2008-12-27 22:02 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys
2008-12-27 22:02 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll
2008-12-27 22:02 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL
2008-12-27 22:02 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll
2008-12-27 22:02 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll
2008-12-27 22:02 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll
2008-12-27 21:59 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys
2008-12-27 21:57 . 2008-12-27 21:57 <DIR> d-------- c:\program files\Common Files\Panda Security
2008-12-27 21:57 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys
2008-12-27 21:57 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys
2008-12-27 21:38 . 2008-12-27 21:38 <DIR> d-------- C:\kav
2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-27 18:10 . 2008-12-27 18:10 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-19 00:23 --------- d-----w c:\documents and settings\Tony\Application Data\Skype
2009-01-19 00:06 --------- d-----w c:\documents and settings\Tony\Application Data\skypePM
2008-12-28 06:02 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-28 03:17 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-28 03:12 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-27 21:24 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-11-23 20:46 --------- d-----w c:\documents and settings\Tony\Application Data\U3
2008-10-03 06:28 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008100220081003\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-06 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2008-06-03 21718312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"HPHUPD05"="c:\program files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-05-22 49152]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2002-12-17 49152]
"HPHmon05"="c:\windows\system32\hphmon05.exe" [2003-05-22 483328]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-05-26 98304]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-05-26 536576]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-17 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-06-17 118784]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2004-04-30 208958]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 286720]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-05 185896]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"APVXDWIN"="c:\program files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Global Protection 2009\Inicio.exe" [2008-07-07 50432]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 29696]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-06-02 180224]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-02-13 16423]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\setup.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\kav\\kav7\\setup.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPLpr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2008-12-27 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2008-12-27 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2008-12-27 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2008-12-27 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2008-12-27 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2008-12-27 22:05:15 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2008-12-27 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2008-12-27 46720]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2008-12-27 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]
R4 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R4 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2008-12-27 179640]
R4 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Global Protection 2009\psksvc.exe [2008-12-27 28928]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [2008-07-04 457856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
panda REG_MULTI_SZ Gwmsrv

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\G]
\Shell\AutoRun\command - G:\LaunchU3.exe
.
Contents of the 'Scheduled Tasks' folder

2008-12-28 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2008-12-28 c:\windows\Tasks\Basic clean-up.job
- c:\program files\Panda Security\Panda Global Protection 2009\PlaTasks.exe [2008-07-03 17:55]

2009-01-19 c:\windows\Tasks\seqjujpc.job
- c:\windows\system32\rundll32.exe [2008-04-13 16:12]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-UpgConfVer - (no file)
Notify-WgaLogon - (no file)
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.csusm.edu/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\ltty772m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Creative Commons
FF - prefs.js: browser.startup.homepage - hxxp://www.csusm.edu/
FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-18 17:14:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????2?7?2?8??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\windows\system32\avldr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Panda Security\Panda Global Protection 2009\TPSrv.exe c:\program files\Panda Security\Panda Global Protection 2009\WebProxy.exe c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\Panda Security\Panda Global Protection 2009\PsCtrlS.exe c:\program files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe c:\program files\Common Files\Panda Security\PavShld\PavPrSrv.exe c:\program files\Panda Security\Panda Global Protection 2009\PsImSvc.exe c:\program files\Panda Security\Panda Global Protection 2009\PAVSRV51.EXE c:\program files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE c:\program files\Panda Security\Panda Global Protection 2009\FIREWALL\PSHost.exe c:\windows\system32\wscntfy.exe c:\program files\Panda Security\Panda Global Protection 2009\SrvLoad.exe c:\program files\Panda Security\Panda Global Protection 2009\PavBckPT.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\program files\Java\jre1.6.0_07\bin\jucheck.exe . ************************************************************************** . Completion time: 2009-01-18 17:23:06 - machine was rebooted ComboFix-quarantined-files.txt 2009-01-19 01:22:48 Pre-Run: 48,920,723,456 bytes free Post-Run: 48,824,188,928 bytes free 249 --- E O F --- 2008-12-18 19:21:12 B. 
Note: ***Here is the most recent HJT log:***

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:38, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\IFACE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 10537 bytes

Again, THANK YOU for your continued help.

esperanzaDeus
  10. Hello,

As instructed, I opened HJT. However, this time

O4 - HKUS\S-1-5-20\..\Run: [japikebuma] Rundll32.exe "C:\WINDOWS\system32\sujetafa.dll",s (User 'NETWORK SERVICE')

no longer came up in HJT. So I only checked the other four remaining items and clicked "Fix Checked".

Now I am just very CONFUSED, because when I tried proceeding to download ComboFix from links 1 and 2 of the three choices offered, the download could not complete. In both instances, as ComboFix was downloading, at about 97% downloaded, I got a message from Panda something like this: "Heuristic scan discovered a malicious file and has deleted". My interpretation of the event is that Panda (currently I have a trial Panda Total Protection license) thinks ComboFix is a threat and did not allow ComboFix to download. (FYI, Mozilla Firefox's Download window shows FAILED next to both attempts to download ComboFix; also, Panda's Event Log says "Suspicious Files Notified".)

May I please be informed if and how I need to make Panda allow me to download ComboFix? That is, will I need to adjust Panda's protection settings (i.e., turn off the firewall and momentarily allow inbound connections from the Internet and Mozilla Firefox) so I can download ComboFix, save it to my desktop and run the app? I await your reply.
In the meantime, below I have posted the most recent HJT log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:15:11 PM, on 1/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\WINDOWS\system32\hphmon05.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\IFACE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PAVJOBS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

--
End of file - 10506 bytes

Thanks a million for your continued feedback and help.

esperanzaDeus
  11. Greetings,

I am quite new at handling trojan/virus infections. Although I had the free AVG Antivirus installed on my computer, my system got infected just before the new year and I have had little luck getting it back to normal. I got a free trial Panda Global Protection subscription, but that did not do much good "against" something called trj/downloader.mdw. I kept running online scans with Panda's scan tool, but Panda did not do anything to the Trojan for close to a week and a half. Panda helped quite a bit with Ad-Ware, but I feel there is little Panda can do now, especially since their tech support has requested that I call them over the paid phone support line that they have available. And to be honest, I would rather upgrade to Malwarebytes Anti-Malware real-time protection than continue seeking the help of Panda for the time being.

Just a few days ago, I finally looked up a "jasutudo.dll" message that I get every so often and came across the Malwarebytes forum. I registered and have followed the "I'm infected, what do I do now?" protocol, and thus I have put this message together.

My current problem parallels that of another member named "mukhi." This is what mukhi wrote:

"any program i am trying to open (Windows XP Home), for example, notepad, i am getting this error message:

NOTEPAD.EXE - Bad Image
The application or DLL C:\WINDOWS\system32\yepogofa.dll is not a valid Windows image. Please check this against your installation diskette.

since yesterday my firefox is opening on its own leading to unwanted sites. IE is unaffected. i am trying to describe what is happening: if i click to open firefox to go to say, google.com, after a few seconds another firefox window is popping up leading to unwanted site. then another, then another!!! even if i click to open IE to go to say, google.com, after a few seconds a firefox window is popping up leading to unwanted site. then another, then another!!!"
End of mukhi's description of his problem, pretty much very similar to the problem I have. ****Here is an outline of the steps I have taken, as well as, my CURRENT PROBLEM**** The Steps I have taken: 1. Per the "I'm infected, what do I do now protocol", I launched Malwarebytes' Anti-Malware ran a quick scan and Malwarebytes took care of the following three trojans: trojan.vundo, trojan.vundo.H, and trojan.Agent. 2. The popping up of webpages that mukhi also described in his message, and which were also happening to me, stopped affecting my system after the initial scan of Malwarebytes nuked out the three trojans. In other words, I can surf the net with no more obnoxious pop-ups. 3. However, the very disturbing problem is that I keep getting a similar "Bad Image" message to that of mukhi. For instance, in the process of opening the most recent Malwarebytes log file I got the message NOTEPAD.EXE - Bad Image The application or DLL C:\WINDOWS\system32\bijonebe.dll is not a valid Windows image. Please check this against your installation diskette. 4. I went ahead and ran the TrendMicro HijackThis application, again, as instructed on the "I am infected...protocol", and obtained a HijackThis Log file, which I have included below, as number 6 of this outline. 5. 
As the last step, I am posting both my latest Malwarebytes log file, just below: Malwarebytes' Anti-Malware 1.33 Database version: 1663 Windows 5.1.2600 Service Pack 3 1/17/2009 11:15:42 PM mbam-log-2009-01-17 (23-15-42).txt Scan type: Full Scan (C:\|) Objects scanned: 99094 Time elapsed: 42 minute(s), 20 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) 6. Moreover, I am also posting, below, the log file I got from the HijackThis app. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 11:16:30 PM, on 1/17/2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16762) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe C:\Program Files\Panda Security\Panda Global 
Protection 2009\PskSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE C:\WINDOWS\Explorer.EXE C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe C:\WINDOWS\system32\hphmon05.exe C:\Program Files\Synaptics\SynTP\SynTPLpr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\system32\igfxtray.exe C:\WINDOWS\system32\hkcmd.exe C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\PixArt\PAC7302\Monitor.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Skype\Plugin Manager\skypePM.exe C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.csusm.edu/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...o&pf=laptop R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: (no name) - {18142E76-36B3-4961-B951-C72F1661B750} - C:\WINDOWS\system32\byXNefda.dll (file missing) O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll O3 - Toolbar: Yahoo! 
Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HP Software Update] "c:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [synTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [updateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [japikebuma] Rundll32.exe "C:\WINDOWS\system32\sujetafa.dll",s (User 'NETWORK SERVICE')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: KODAK Software Updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\bijonebe.dll, njlned.dll
O20 - Winlogon Notify: ssqRIYsT - ssqRIYsT.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe

-- End of file - 10965 bytes

7. Kindly review the logs I have posted above and offer me some invaluable feedback to address my current "BAD IMAGE. EXE" problem. I will not install any other programs or take any other action until I am instructed to do so by Malwarebytes Anti-Malware staff.

Best regards,
esperanzaDeus
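The HijackThis log above is what the thread's helpers are being asked to read. As an added example (not part of the original post, and not code from HijackThis or Malwarebytes), the Python below applies a handful of structural triage heuristics that log reviewers commonly use on O4 and O20 entries: an autorun registered under a built-in service-account hive (HKUS\S-1-5-18, -19 or -20), a Run entry whose command is a bare filename resolved through PATH, rundll32 loading a DLL at logon, a populated AppInit_DLLs value, and a Winlogon Notify package whose DLL is missing. The sample lines are copied from the posted log; the regular expressions, function names and reason strings are this example's own. A hit is a prompt to look closer at that entry, not a malware verdict, since legitimate software can trip any single heuristic.

```python
"""Triage heuristics for HijackThis-style log entries.

Added example, not part of the forum post and not code from HijackThis or
Malwarebytes. A hit means "review this entry", not "this is malware".
"""
import re
from typing import Dict, List

# Sample input: entries copied from the log posted above, in HJT's own format.
# A raw string keeps the Windows backslashes intact.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [funk] funk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-20\..\Run: [japikebuma] Rundll32.exe "C:\WINDOWS\system32\sujetafa.dll",s (User 'NETWORK SERVICE')
O20 - AppInit_DLLs: C:\WINDOWS\system32\bijonebe.dll, njlned.dll
O20 - Winlogon Notify: ssqRIYsT - ssqRIYsT.dll (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

ENTRY_RE = re.compile(r"^O(\d+) - (.*)$")
# O4 body shape: "<hive>\..\Run: [name] command"  (Run, RunOnce, RunServices)
RUN_RE = re.compile(r"^(HK\S+?)\\\.\.\\(Run\w*): \[(.*?)\] (.*)$")
# Built-in service accounts: S-1-5-18 SYSTEM, S-1-5-19 LOCAL SERVICE, S-1-5-20 NETWORK SERVICE
SERVICE_HIVE_RE = re.compile(r"^HKUS\\S-1-5-(18|19|20)$", re.I)
# rundll32 <dll>,<export>: capture the DLL that gets loaded
RUNDLL_RE = re.compile(r'^rundll32(?:\.exe)?\s+"?([^",]+)', re.I)


def first_token(command: str) -> str:
    """Return the executable part of a Run-key command line (quoted or not)."""
    if command.startswith('"'):
        return command.split('"')[1]
    return command.split()[0]


def triage_line(line: str) -> List[str]:
    """Return the review reasons for one HJT entry; an empty list means nothing to note."""
    reasons: List[str] = []
    m = ENTRY_RE.match(line.strip())
    if not m:
        return reasons
    section, body = m.group(1), m.group(2)

    if section == "4":
        rm = RUN_RE.match(body)
        if not rm:
            return reasons  # Global Startup .lnk entries are not checked here
        hive, _key, _name, command = rm.groups()
        if SERVICE_HIVE_RE.match(hive):
            reasons.append("autorun registered under a built-in service account hive (%s)" % hive)
        rd = RUNDLL_RE.match(command)
        if rd:
            reasons.append("rundll32 loads %s at logon" % rd.group(1))
        elif "\\" not in first_token(command):
            reasons.append("command has no directory path; resolved through PATH at logon")

    elif section == "20":
        if body.startswith("AppInit_DLLs:"):
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                reasons.append("AppInit_DLLs set (%d DLL(s)); injected into every process that loads user32" % len(dlls))
        elif body.startswith("Winlogon Notify:") and "(file missing)" in body:
            reasons.append("Winlogon Notify package registered but its DLL is missing")

    return reasons


def triage_log(text: str) -> Dict[str, List[str]]:
    """Map each flagged entry to its reasons; entries with nothing to note are omitted."""
    findings: Dict[str, List[str]] = {}
    for raw in text.splitlines():
        reasons = triage_line(raw)
        if reasons:
            findings[raw.strip()] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage_log(SAMPLE_LOG).items():
        print(entry)
        for reason in reasons:
            print("    ->", reason)
```

Run against the sample, the script leaves the igfxTray, ctfmon, Skype and Bonjour entries alone and flags four: the bare `funk.exe` autorun, the NETWORK SERVICE rundll32 entry (two reasons), the populated AppInit_DLLs value, and the Winlogon Notify entry with a missing DLL. The O23 services are not scored at all here; checking them means comparing the binary path and signer against the vendor's install, which this example does not attempt.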