Nemesis_1

Panda Won't Update


Hello, my Panda software refuses to update. I have tried multiple times to uninstall and do a clean install of the antivirus. When I wave my mouse over the symbol it says Panda hasn't been updated since 9/24/08. I have tried contacting their tech support and, being the failures they are, they send me an email saying call them and pay more money for support. I tried loading the antivirus scanner from this site and all it does is sit there and say loading the antivirus scanner. No scans that I was able to do picked up anything. Anyway, here is my HJT log. Thanks.

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 12:26:26 PM, on 2/4/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

C:\WINDOWS\Explorer.EXE

c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\ApvxdWin.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

c:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\SRVLOAD.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\Upgrader.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\psimreal.exe

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZCL4CK4J\HiJackThis[1].exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - (no file)

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F02FABCB-92DD-475A-98AF-14217BD50746} - (no file)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O4 - Global Startup: run_startmenu.cmd

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/popcaploader_v10.cab

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

 

--

End of file - 9276 bytes


Hi and welcome

 

 

Things are busy, not ignoring anyone.

I will try to help but can't say I know what's going on.

 

When trying to uninstall, by chance did you reboot your machine before doing a fresh install?

 

 

O4 - Global Startup: run_startmenu.cmd

 

Did you set this, or create this cmd? To find out what's inside, navigate to the C:\Documents and Settings\All users\Start Menu\Programs\Startup\ folder and find the run_startmenu.cmd file in there.

Right-click it and select Edit. Its contents should then open in Notepad. Please post the contents in your next reply.


What is happening is out of the blue Panda stopped updating and at times the machine goes into lag heaven for no apparent reason. I hadn't updated for ten days so then I started doing the clean installs, which didn't change anything. I do understand you're busy :P I just bumped it with a question. I did reboot before doing a reinstall, yes. I didn't edit or create anything of what you had mentioned. Here is what I found in the folder.

 

@echo off

c:\windows\i386\apps\startmenu.cmd


Welcome back

 

Not able to find much on problems with PIS...

 

http://www.pandasecurity.com/homeusers/sup...ate&tipo=bc

 

 

 

NEXT**

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.

Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.

 

# Open Spybot Search & Destroy.

# In the Mode menu click "Advanced mode" if not already selected.

# Choose "Yes" at the Warning prompt.

# Expand the "Tools" menu.

# Click "Resident".

# Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.

# In the File menu click "Exit" to exit Spybot Search & Destroy.

 

* See this link for a tutorial http://russelltexas.com/malware/teatimer.htm

 

 

 

Open HijackThis, click "Do a system scan only", and checkmark these. Then close all other windows and browsers except HijackThis and press "Fix checked".

 

O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)

O2 - BHO: (no name) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - (no file)

O4 - Global Startup: run_startmenu.cmd

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}

 

 

 

 

 

Download Combofix from any of the links below. Save it to your desktop.

 

Link 1

Link 2

Link 3

 

 

--------------------------------------------------------------------

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

(Click on this link to see a list of programs that should be disabled.)

http://www.bleepingcomputer.com/forums/topic114351.html

Panda Internet Security Suite

Please navigate to the system tray on the bottom right hand corner and look for a sign that looks like a Pandabear head.

 

* Right click it-> select "Close automatic protection.".

* A message will pop up and warn you about disabling the protection. Choose "Yes."

* The above sign in the system tray will now disappear.

 

You successfully disabled the Panda Internet Security Guard.

 

 

 

 

Double click on Combo-Fix.exe & follow the prompts.

 

Please allow ComboFix to install, if needed, Windows Recovery Console. It is a simple procedure that will only take a few moments of your time.

 

No Validation is Required.

 

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

 

 

 

** Please Note:

At times ComboFix may appear to stall, please be patient.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.
Please only run the tool once, ty.

 

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.

Don't select to run the Recovery Console as we don't need it.

By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

 

You may need several replies to post the requested logs, otherwise they might get cut off.

Edited by Juliet

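The kind of entries selected for fixing in the post above, as an added example that is not part of the original post or of HijackThis: a small Python triage script run over constructed sample lines copied from the log in this thread. The line layout it parses and the Startup-script heuristic are assumptions drawn from the entries visible here; a flag means "look at this entry", not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a few lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Gamevance - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll (file missing)
O2 - BHO: (no name) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - Global Startup: run_startmenu.cmd
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
"""

# Assumed layout: "<section code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js")  # heuristic list, an assumption


@dataclass
class Entry:
    code: str             # section code such as O2, O4, O16
    body: str             # everything after "<code> - "
    clsid: Optional[str]  # upper-cased CLSID if the entry carries one


def parse_entries(text: str) -> List[Entry]:
    """Keep only section entries; headers and the process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        body = m.group("body").strip()
        c = CLSID_RE.search(body)
        entries.append(Entry(m.group("code"), body, c.group(0).upper() if c else None))
    return entries


def review_reason(e: Entry) -> Optional[str]:
    """Return why an entry deserves a closer look, or None."""
    low = e.body.lower()
    if low.endswith("(file missing)"):
        return "target file missing"
    if low.endswith("(no file)"):
        return "no file registered"
    if e.code == "O16" and e.clsid:
        # After the CLSID comes "(Name) - URL"; nothing left means no source.
        rest = e.body[CLSID_RE.search(e.body).end():]
        rest = re.sub(r"^\s*(\([^)]*\))?\s*-?\s*", "", rest)
        if not rest:
            return "no download source recorded"
    if e.code == "O4" and "startup:" in low and low.endswith(SCRIPT_EXT):
        return "script in Startup folder, inspect contents"
    return None


def triage(text: str) -> List[Tuple[str, str, str]]:
    """List (section code, CLSID or body, reason) for every flagged entry."""
    findings = []
    for e in parse_entries(text):
        reason = review_reason(e)
        if reason:
            findings.append((e.code, e.clsid or e.body, reason))
    return findings


if __name__ == "__main__":
    for code, ident, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {ident}  ->  {reason}")
```
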

ComboFix 09-02-06.01 - Owner 2009-02-06 11:39:34.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.446.165 [GMT -6:00]

Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated)

FW: Panda Personal Firewall 2009 *disabled*

* Created a new restore point

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\windows\system32\AutoRun.inf

D:\Autorun.inf

 

.

((((((((((((((((((((((((( Files Created from 2009-01-06 to 2009-02-06 )))))))))))))))))))))))))))))))

.

 

2009-02-06 11:28 . 2009-02-06 11:28 <DIR> d-------- c:\program files\Trend Micro

2009-02-05 12:28 . 2009-02-05 12:28 0 --a------ c:\windows\hpqEmlSz.INI

2009-02-04 16:58 . 2009-02-05 02:31 <DIR> d-------- c:\documents and settings\Owner\.housecall6.6

2009-02-04 16:15 . 2009-02-04 16:15 <DIR> d-------- c:\program files\Lavasoft

2009-02-04 16:15 . 2009-02-04 16:18 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-04 12:23 . 2009-02-04 12:23 <DIR> d-------- c:\program files\PCPitstop

2009-02-02 11:29 . 2009-02-02 12:10 <DIR> d-------- c:\program files\EsetOnlineScanner

2009-01-30 16:35 . 2009-01-30 16:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\PopCap

2009-01-30 05:11 . 2009-02-06 02:56 13,880 --a------ c:\windows\system32\drivers\COMFiltr.sys

2009-01-30 05:08 . 2009-02-05 22:04 240,904 --a------ c:\windows\system32\drivers\APPFCONT.DAT.bck

2009-01-30 05:08 . 2009-02-05 22:04 240,904 --a------ c:\windows\system32\drivers\APPFCONT.DAT

2009-01-30 05:08 . 2008-04-28 17:35 84,024 --a------ c:\windows\system32\drivers\pavdrv51.sys

2009-01-30 05:08 . 2009-02-06 02:56 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG.bck

2009-01-30 05:08 . 2009-02-06 02:56 1,132 --a------ c:\windows\system32\drivers\APPFLTR.CFG

2009-01-30 05:08 . 2009-01-30 05:08 261 --a------ c:\windows\system32\PavCPL.dat

2009-01-30 05:07 . 2008-06-18 16:06 193,792 --a------ c:\windows\system32\drivers\idsflt.sys

2009-01-30 05:07 . 2008-07-11 14:58 158,848 --a------ c:\windows\system32\drivers\NETFLTDI.SYS

2009-01-30 05:07 . 2008-06-25 15:42 73,728 --a------ c:\windows\system32\drivers\APPFLT.SYS

2009-01-30 05:07 . 2007-03-15 19:38 54,832 --a------ c:\windows\system32\pavcpl.cpl

2009-01-30 05:07 . 2008-06-18 16:06 52,992 --a------ c:\windows\system32\drivers\dsaflt.sys

2009-01-30 05:07 . 2008-06-18 16:06 46,720 --a------ c:\windows\system32\drivers\wnmflt.sys

2009-01-30 05:07 . 2008-03-28 11:25 22,072 --a------ c:\windows\system32\drivers\fnetmon.sys

2009-01-30 05:06 . 2009-01-30 05:06 <DIR> d-------- c:\windows\system32\PAV

2009-01-30 05:06 . 2009-02-05 02:43 <DIR> d-------- c:\program files\Panda Security

2009-01-30 05:06 . 2009-01-30 05:06 <DIR> d-------- c:\documents and settings\Owner\Application Data\Panda Security

2009-01-30 05:06 . 2009-01-30 05:06 <DIR> d-------- c:\documents and settings\All Users\Application Data\Panda Security

2009-01-30 05:06 . 2008-06-18 18:03 520,448 --a------ c:\windows\system32\PavSHook.dll

2009-01-30 05:06 . 2003-10-22 18:23 446,464 --a------ c:\windows\system32\HHActiveX.dll

2009-01-30 05:06 . 2008-06-26 11:25 197,888 --a------ c:\windows\system32\drivers\neti1634.sys

2009-01-30 05:06 . 2008-06-24 14:48 193,280 --a------ c:\windows\system32\TpUtil.dll

2009-01-30 05:06 . 2007-02-08 11:53 107,568 --a------ c:\windows\system32\SYSTOOLS.DLL

2009-01-30 05:06 . 2008-06-18 18:03 87,296 --a------ c:\windows\system32\PavLspHook.dll

2009-01-30 05:06 . 2008-03-18 16:58 58,672 --a------ c:\windows\system32\avldr.dll

2009-01-30 05:06 . 2008-06-18 18:03 55,552 --a------ c:\windows\system32\pavipc.dll

2009-01-30 05:03 . 2008-06-19 17:24 28,544 --a------ c:\windows\system32\drivers\pavboot.sys

2009-01-30 05:02 . 2009-01-30 05:02 <DIR> d-------- c:\program files\Common Files\Panda Security

2009-01-30 05:02 . 2008-02-07 12:03 179,640 --a------ c:\windows\system32\drivers\PavProc.sys

2009-01-30 05:02 . 2008-03-04 15:59 41,144 --a------ c:\windows\system32\drivers\ShlDrv51.sys

2009-01-11 08:51 . 2009-02-05 07:44 49 --a------ c:\windows\NeroDigital.ini

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-06 17:24 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

2009-02-04 22:15 --------- d-----w c:\program files\Common Files\Wise Installation Wizard

2009-01-30 11:06 --------- d--h--w c:\program files\InstallShield Installation Information

2009-01-30 10:39 --------- d-----w c:\program files\buySAFEShoppingAdvisor

2009-01-27 19:18 --------- d-----w c:\program files\World of Warcraft

2009-01-21 21:06 --------- d-----w c:\program files\Google

2009-01-17 03:04 --------- d-----w c:\documents and settings\Owner\Application Data\FrostWire

2009-01-11 14:44 --------- d-----w c:\program files\CCleaner

2009-01-03 06:48 --------- d-----w c:\documents and settings\Owner\Application Data\Ventrilo

2008-12-25 05:01 410,984 ----a-w c:\windows\system32\deploytk.dll

2008-12-25 05:01 --------- d-----w c:\program files\Java

2008-12-25 04:00 --------- d-----w c:\program files\FrostWire

2008-12-25 03:37 --------- d-----w c:\program files\Microsoft ActiveSync

2008-12-25 02:00 --------- d-----w c:\documents and settings\Owner\Application Data\Apple Computer

2008-12-25 01:59 --------- d-----w c:\program files\QuickTime

2008-12-25 01:59 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2008-12-20 22:38 142 ----a-w c:\documents and settings\Owner\Application Data\wklnhst.dat

2008-12-19 23:08 --------- d-----w c:\program files\Common Files\Jasc Software Inc

2008-12-19 23:08 --------- d-----w c:\documents and settings\All Users\Application Data\InstallShield

2008-12-19 23:07 --------- d-----w c:\program files\Jasc Software Inc

2008-12-19 23:07 --------- d-----w c:\program files\Common Files\InstallShield

2008-12-19 23:07 --------- d-----w c:\documents and settings\Owner\Application Data\Jasc Software Inc

2008-12-17 09:01 --------- d-----w c:\program files\Microsoft CAPICOM 2.1.0.2

2008-12-16 18:17 --------- d-----w c:\program files\Microsoft Silverlight

2008-12-13 04:39 --------- d-----w c:\program files\Ventrilo

2008-12-11 21:42 --------- d-----w c:\documents and settings\Owner\Application Data\AdobeUM

2008-12-11 20:04 --------- d-----w c:\program files\Spybot - Search & Destroy

2008-12-11 10:57 333,952 ----a-w c:\windows\system32\drivers\srv.sys

2008-12-11 03:40 --------- d-----w c:\documents and settings\Owner\Application Data\Template

2008-12-10 22:05 --------- d-----w c:\program files\Common Files\Adobe

2008-12-10 19:29 --------- d-----w c:\documents and settings\Owner\Application Data\HPAppData

2008-12-10 19:24 --------- d-----w c:\program files\Microsoft IntelliType Pro

2008-12-10 19:18 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

2008-12-10 19:18 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf

2008-12-10 19:17 --------- d-----w c:\program files\Microsoft IntelliPoint

2008-12-10 17:45 --------- d-----w c:\program files\Auslogics

2008-12-10 17:45 --------- d-----w c:\documents and settings\Owner\Application Data\Auslogics

2008-12-10 06:37 --------- d-----w c:\documents and settings\Owner\Application Data\HP

2008-12-10 06:35 --------- d-----w c:\documents and settings\All Users\Application Data\WEBREG

2008-12-10 06:32 --------- d-----w c:\program files\HP

2008-12-10 06:32 --------- d-----w c:\documents and settings\All Users\Application Data\HPSSUPPLY

2008-12-10 06:29 --------- d-----w c:\documents and settings\All Users\Application Data\HP

2008-12-10 06:28 --------- d-----w c:\program files\Common Files\HP

2008-12-10 06:28 --------- d-----w c:\documents and settings\All Users\Application Data\HP Product Assistant

2008-12-10 06:27 --------- d-----w c:\program files\Hewlett-Packard

2008-12-10 06:27 --------- d-----w c:\program files\Common Files\Hewlett-Packard

2008-12-10 06:26 --------- d-----w c:\documents and settings\All Users\Application Data\Hewlett-Packard

2008-12-10 04:55 --------- d-----w c:\documents and settings\All Users\Application Data\Blizzard

2008-12-10 04:13 --------- d-----w c:\program files\Common Files\Blizzard Entertainment

2008-12-10 02:15 --------- d-----w c:\documents and settings\Owner\Application Data\U3

2008-12-10 00:45 --------- d-----w c:\program files\Reference Assemblies

2008-12-10 00:45 --------- d-----w c:\program files\MSBuild

2008-12-10 00:00 --------- d-----w c:\documents and settings\All Users\Application Data\NOS

2008-12-09 23:59 --------- d-----w c:\program files\NOS

2008-12-09 22:01 --------- d-----w c:\program files\Common Files\Adobe AIR

2008-12-09 19:06 --------- d-----w c:\program files\MSXML 4.0

2008-12-09 18:34 --------- d-----w c:\program files\Common Files\Symantec Shared

2008-12-09 18:32 --------- d-----w c:\documents and settings\All Users\Application Data\Backup

2008-12-09 18:27 --------- d-----w c:\program files\Pure Networks

2008-12-09 18:24 --------- d-----w c:\program files\Common Files\AOL

2008-12-09 18:24 --------- d-----w c:\documents and settings\All Users\Application Data\AOL

2008-12-09 18:11 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec

2008-12-09 16:46 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\McAfee

2008-12-09 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee.com

2008-12-09 16:46 --------- d-----w c:\documents and settings\All Users\Application Data\McAfee

2008-12-09 16:45 --------- d-----w c:\program files\CyberLink

2008-12-09 16:45 --------- d-----w c:\documents and settings\All Users\Application Data\CyberLink

2008-12-09 16:44 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\SampleView

2008-12-09 16:44 --------- d-----w c:\program files\MSN Encarta Plus

2008-12-09 16:44 --------- d-----w c:\program files\Microsoft Money 2005

2008-12-09 16:44 --------- d-----w c:\program files\AvRack

2008-12-09 16:44 --------- d-----w c:\documents and settings\Owner\Application Data\SampleView

2008-12-09 16:40 --------- d-----w c:\program files\Common Files\Ahead

2008-12-09 16:40 --------- d-----w c:\program files\BigFix

2008-12-09 16:40 --------- d-----w c:\program files\Ahead

2008-12-09 16:39 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\You've Got Pictures Screensaver

2008-12-09 16:39 --------- d-----w c:\program files\Viewpoint

2008-12-09 16:39 --------- d-----w c:\program files\Learn2.com

2008-12-09 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Viewpoint

2008-12-09 16:39 --------- d-----w c:\documents and settings\All Users\Application Data\Pure Networks

2008-12-09 16:37 8,552 ----a-w c:\windows\system32\drivers\asctrm.sys

2008-12-09 16:37 --------- d-----w c:\program files\Real

2008-12-09 16:37 --------- d-----w c:\program files\Common Files\Real

2008-12-09 16:37 --------- d-----w c:\program files\Common Files\Nullsoft

2008-12-09 16:37 --------- d-----w c:\documents and settings\All Users\Application Data\QuickTime

2008-12-09 16:33 --------- d-----w c:\program files\S3

2008-12-09 16:33 --------- d-----w c:\program files\Microsoft Works

2008-12-09 16:33 --------- d-----w c:\program files\Digital Media Reader

2008-12-09 16:33 --------- d-----w c:\program files\Common Files\Java

2008-12-09 16:23 --------- d-----w c:\windows\system32\config\systemprofile\Application Data\Symantec

2008-12-09 16:18 --------- d-----w c:\program files\Common Files\New Boundary

2008-12-09 16:18 --------- d-----w c:\documents and settings\All Users\Application Data\Prism Deploy

2008-12-09 16:13 --------- d-----w c:\program files\CONEXANT

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-13 212992]

"SunKistEM"="c:\program files\Digital Media Reader\shwiconem.exe" [2004-11-15 135168]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-24 136600]

"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-07-16 857344]

"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]

"CHotkey"="zHotkey.exe" [2004-05-17 c:\windows\zHotkey.exe]

"ShowWnd"="ShowWnd.exe" [2003-09-19 c:\windows\ShowWnd.exe]

"VTTimer"="VTTimer.exe" [2004-08-13 c:\windows\system32\VTTimer.exe]

"SoundMan"="SOUNDMAN.EXE" [2003-12-09 c:\windows\SOUNDMAN.EXE]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

BigFix.lnk - c:\program files\BigFix\BigFix.exe [2008-12-09 1742384]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]

2008-03-18 16:58 58672 c:\windows\system32\avldr.dll

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]

@="Service"

 

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"idsvc"=3 (0x3)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager

"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager

"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

"c:\\Program Files\\FrostWire\\FrostWire.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

 

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-01-30 28544]

R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-01-30 73728]

R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-01-30 52992]

R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-01-30 22072]

R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-01-30 193792]

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-01-30 05:07:46 158848]

R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-01-30 41144]

R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-01-30 46720]

R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]

R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-01-30 179640]

R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [2009-01-30 28928]

R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-01-30 197888]

R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\PavTPK.sys --> c:\windows\system32\PavTPK.sys [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

panda REG_MULTI_SZ Gwmsrv

 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\K]

\Shell\AutoRun\command - K:\LaunchU3.exe -a

.

Contents of the 'Scheduled Tasks' folder

 

2008-12-10 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job

- c:\program files\Microsoft IntelliPoint\ipoint.exe [2008-06-10 12:56]

.

.

------- Supplementary Scan -------

.

Trusted Zone: pcpitstop.com\www

.

 

**************************************************************************

 

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-06 11:41:02

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(876)

c:\windows\SYSTEM32\avldr.dll

.

Completion time: 2009-02-06 11:42:49

ComboFix-quarantined-files.txt 2009-02-06 17:42:46

 

Pre-Run: 50,194,366,464 bytes free

Post-Run: 50,318,065,664 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

252 --- E O F --- 2009-01-14 09:09:57


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:49:17 AM, on 2/6/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16762)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\SYSTEM32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\zHotkey.exe

C:\WINDOWS\system32\VTTimer.exe

C:\Program Files\Digital Media Reader\shwiconem.exe

C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Microsoft ActiveSync\Wcescomm.exe

C:\Program Files\BigFix\BigFix.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

c:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

C:\Program Files\Panda Security\Panda Internet Security 2009\AVENGINE.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe

c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

C:\Program Files\Panda Security\Panda Internet Security 2009\Upgrader.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\WINDOWS\system32\notepad.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll

O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - (no file)

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

O2 - BHO: (no name) - {A057A204-BACC-4D26-C7D7-6BAD84E32FCB} - (no file)

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O2 - BHO: (no name) - {F02FABCB-92DD-475A-98AF-14217BD50746} - (no file)

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [CHotkey] zHotkey.exe

O4 - HKLM\..\Run: [showWnd] ShowWnd.exe

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [sunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE

O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"

O4 - HKLM\..\Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s

O4 - HKLM\..\Run: [sCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"

O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe

O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll

O9 - Extra button: HP Clipbook - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: HP Smart Select - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB

O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab

O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} -

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab

O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/jre...ows-i586-jc.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -

O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab

O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe

O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe

O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrv51.exe

O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS

O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE

O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe

O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe

O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe

 

--

End of file - 9442 bytes


Welcome back

No signs of malware.

It appears all Panda services and files are intact and running.

It's pointing to problems within the software itself.

Make sure your computer clock is showing the correct time.

What I did pick up on were what are probably leftover folders that you can delete.

c:\windows\system32\config\systemprofile\Application Data\Symantec

c:\documents and settings\All Users\Application Data\Symantec

c:\windows\system32\config\systemprofile\Application Data\McAfee

c:\documents and settings\All Users\Application Data\McAfee.com

c:\documents and settings\All Users\Application Data\McAfee

We can continue running scans to continue searching... let me know?


Don't miss or skip this next step; this will remove malicious files from quarantine and set a clean restore point.

  • Click START then RUN
  • Now type Combofix /u in the Run box and click OK. Note the space between the x and the /u; it needs to be there.
Example below

Posted Image
