Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winlogon.exe 100%


  • Please log in to reply
9 replies to this topic

#1 Mund

Mund

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 29 July 2008 - 01:08 PM

Hi, first time post, I really need some help.
winlogon.exe is taking 100% cpu. I've googled this to death, and whilst there seems to be 100's of people with the same problem there also seems to be 100's of possible solutions, non of which have worked for me.
The PC is on a domain and works fine if its booted with lan cable unplugged, and then plugged in after login.
Anyway, could some one be kind enough to have a look over my hijack this log, im pretty sure at this stage its not caused by malware but would like to be sure.

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:27:22, on 29/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
C:\Program Files\Panda Software\AVTC\TPSrv.exe
C:\Program Files\Panda Software\AVTC\PavSrv51.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PSHost.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\Program Files\Panda Software\AVTC\SrvLoad.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Software\AVTC\PSCtrlC.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\HJT\HijackThis\HijackThis.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\sistray.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.365online.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\Panda Software\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC RateLink Client.lnk = C:\misys\PCRATELINK\pcratelink.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163603217016
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\Software\..\Telephony: DomainName = Brittons.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\TPSrv.exe

--
End of file - 8086 bytes

BC AdBot (Login to Remove)

 


#2 Mund

Mund
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 30 July 2008 - 11:43 AM

Sorry, I realise I should have run the Deckards Scan instead of just Hijackthis

Deckard's System Scanner v20071014.68
Run by ATimoney on 2008-07-30 17:40:43
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
92: 2008-07-30 16:40:51 UTC - RP771 - Deckard's System Scanner Restore Point
91: 2008-07-30 12:46:32 UTC - RP770 - System Checkpoint
90: 2008-07-29 08:30:59 UTC - RP769 - Restore Operation
89: 2008-07-29 00:04:47 UTC - RP768 - System Checkpoint
88: 2008-07-27 23:20:18 UTC - RP767 - System Checkpoint


-- First Restore Point --
1: 2008-05-02 11:50:30 UTC - RP680 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as ATimoney.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:43:06, on 30/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
C:\Program Files\Panda Software\AVTC\TPSrv.exe
C:\Program Files\Panda Software\AVTC\PavSrv51.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PSHost.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\Program Files\Panda Software\AVTC\SrvLoad.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Software\AVTC\PSCtrlC.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
\Server1\User Profiles on E\ATimoney\dss.exe
C:\HJT\HIJACK~1\ATimoney.exe
C:\Program Files\Panda Software\AVTC\PSIMMON.exe
C:\Program Files\Panda Software\AVTC\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.365online.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\Panda Software\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC RateLink Client.lnk = C:\misys\PCRATELINK\pcratelink.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163603217016
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\Software\..\Telephony: DomainName = Brittons.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\System\CS2\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\TPSrv.exe

--
End of file - 8395 bytes

-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\cplopen\command - rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser "%1",%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 ShldDrv (Panda File Shield Driver) - c:\windows\system32\drivers\shldrv51.sys <Not Verified; Panda Software; Panda Shield>
R2 NpaFlt (Panda NpaFlt Driver) - c:\windows\system32\drivers\npaflt.sys <Not Verified; Panda Software; Panda Software 2006>
R2 PavDrv (Panda Anti-virus Driver) - c:\windows\system32\drivers\pavdrv51.sys <Not Verified; Panda Software International; Panda Residents>
R2 PavProc (Panda Process Protection Driver) - c:\windows\system32\drivers\pavproc.sys <Not Verified; Panda Software; PandaShield>
R3 AvFlt (Antivirus Filter Driver) - c:\windows\system32\drivers\av5flt.sys (file missing)
R3 PavSRK.sys - c:\windows\system32\pavsrk.sys (file missing)
R3 PavTPK.sys - c:\windows\system32\pavtpk.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Panda Software Controller - c:\program files\panda software\avtc\psctrls.exe <Not Verified; Panda Software International; Panda Corporative Solutions>
R2 PAVAGENTE (Panda AdminSecure Communications Agent) - c:\program files\panda software\panda administrator 3\pav_agent\pagent.exe <Not Verified; Panda Software; Panda AdminSecure>
R2 PavAtScheduler (Panda AdminSecure Scheduler) - c:\program files\panda software\panda administrator 3\scheduler\pavsched.exe <Not Verified; Panda Software; Panda AdminSecure>
R2 PavFnSvr (Panda Function Service) - c:\program files\panda software\avtc\pavfnsvr.exe <Not Verified; Panda Software International; Panda Residents>
R2 PavPrSrv (Panda Process Protection Service) - "c:\program files\common files\panda software\pavshld\pavprsrv.exe" <Not Verified; Panda Software; PandaShield>
R3 PavReport (Panda Antivirus Report Service) - "c:\program files\panda software\panda administrator 3\pavreport\pavreport.exe" <Not Verified; Panda Software; Panda AdminSecure>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Files created between 2008-06-30 and 2008-07-30 -----------------------------

2008-07-30 09:48:26 0 d-------- C:\Program Files\Citrix
2008-07-28 00:20:15 3272704 --a------ C:\Documents and Settings\atimoney\ntuser.dat
2008-07-24 20:10:41 0 d-------- C:\Program Files\Panda Security
2008-07-24 17:17:29 0 d-------- C:\HJT
2008-07-23 17:24:58 0 d-------- C:\WINDOWS\pss
2008-07-22 20:38:31 0 d-------- C:\Documents and Settings\atimoney\.housecall6.6
2008-07-22 19:04:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-22 18:05:26 0 d-------- C:\Program Files\Trend Micro
2008-07-02 12:57:03 0 d-------- C:\WINDOWS\Prefetch
2008-07-02 12:37:50 0 d-------- C:\WINDOWS\system32\scripting
2008-07-02 12:37:48 0 d-------- C:\WINDOWS\l2schemas
2008-07-02 12:37:43 0 d-------- C:\WINDOWS\system32\en
2008-07-02 12:37:41 0 d-------- C:\WINDOWS\system32\bits
2008-07-02 12:32:04 0 d-------- C:\WINDOWS\ServicePackFiles


-- Find3M Report ---------------------------------------------------------------

2008-07-30 09:32:44 0 d-------- C:\Program Files\LogMeIn
2008-07-02 12:38:35 0 d-------- C:\Program Files\Messenger
2008-07-02 12:37:40 0 d-------- C:\Program Files\Movie Maker
2008-07-02 12:31:40 0 d-------- C:\Program Files\Windows NT
2008-06-27 13:29:51 0 d-------- C:\Documents and Settings\atimoney\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [14/04/2008 01:12]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43]
"SoundMan"="SOUNDMAN.EXE" [20/06/2005 20:42 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [13/07/2005 01:55 C:\WINDOWS\system32\SiSPower.dll]
"Panda Controller Client"="C:\Program Files\Panda Software\AVTC\PSCtrlC.exe" [14/03/2007 19:07]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [17/04/2007 14:03]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]

C:\Documents and Settings\atimoney\Start Menu\Programs\Startup\
PC RateLink Client.lnk - C:\misys\PCRATELINK\pcratelink.exe [11/01/2006 15:44:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [11/01/2006 15:26:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 30/07/2008 09:48 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 28/05/2008 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc

*Newly Created Service* - GOTOASSIST



-- Hosts -----------------------------------------------------------------------

192.168.100.254 tripos0


-- End of Deckard's System Scanner: finished at 2008-07-30 17:44:26 ------------

Attached Files


Edited by Mund, 30 July 2008 - 11:47 AM.


#3 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:24 PM

Posted 09 August 2008 - 09:39 AM

Hello Mund

Welcome to BleepingComputer :thumbsup:
========================
If you are still in need of assistance please post a new Dss log.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#4 Mund

Mund
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 11 August 2008 - 04:59 AM

Hi,
I'm away from that PC at the moment, I'll Post one tonight

#5 Mund

Mund
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 11 August 2008 - 11:19 AM

Hi,
Heres a new log.
Thanks


Deckard's System Scanner v20071014.68
Run by atimoney on 2008-08-11 17:21:59
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 479 MiB (512 MiB recommended).


-- HijackThis (run as atimoney.exe) --------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:22:40, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
C:\Program Files\Panda Software\AVTC\TPSrv.exe
C:\Program Files\Panda Software\AVTC\PavSrv51.exe
C:\Program Files\Panda Software\AVTC\AVENGINE.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\pagentwd.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
C:\Program Files\Panda Software\AVTC\PSHost.exe
C:\Program Files\Panda Software\AVTC\PsImSvc.exe
C:\Program Files\Panda Software\AVTC\SrvLoad.exe
C:\Program Files\Panda Software\AVTC\WebProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Panda Software\AVTC\PSCtrlC.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Panda Software\AVTC\PSIMMON.exe
C:\Program Files\Panda Software\AVTC\psimreal.exe
C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
\Server1\User Profiles on E\ATimoney\dss.exe
C:\HJT\HIJACK~1\atimoney.exe
C:\Program Files\Panda Software\AVTC\avciman.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.365online.ie/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Panda Controller Client] "C:\Program Files\Panda Software\AVTC\PSCtrlC.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PC RateLink Client.lnk = C:\misys\PCRATELINK\pcratelink.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1163603217016
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\Software\..\Telephony: DomainName = Brittons.local
O17 - HKLM\System\CCS\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Brittons.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{72A412E2-7F7C-4CCD-A8D9-E3AB5F8BE38D}: NameServer = 192.168.100.150,213.94.190.194
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToAssist\508\g2aservice.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Program Files\Panda Software\AVTC\PsCtrlS.exe
O23 - Service: Panda AdminSecure Communications Agent (PAVAGENTE) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Pav_Agent\Pagent.exe
O23 - Service: Panda AdminSecure Scheduler (PavAtScheduler) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\Scheduler\pavsched.exe
O23 - Service: Panda Function Service (PavFnSvr) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda Antivirus Report Service (PavReport) - Panda Software - C:\Program Files\Panda Software\Panda Administrator 3\PavReport\PavReport.exe
O23 - Service: Panda Antivirus Service (PavSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PavSrv51.exe
O23 - Service: Panda AntiSpam Engine (PMShellSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSKMsSvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Software\AVTC\PSHost.exe
O23 - Service: Panda IManager Service (PsImSvc) - Panda Software International - C:\Program Files\Panda Software\AVTC\PsImSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Program Files\Panda Software\AVTC\TPSrv.exe

--
End of file - 8364 bytes

-- Files created between 2008-07-11 and 2008-08-11 -----------------------------

2008-08-11 11:32:48 0 d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-08-05 19:02:01 0 d-------- C:\WINDOWS\Prefetch
2008-08-05 17:33:48 0 d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-08-05 17:33:36 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-08-05 17:32:14 0 d-------- C:\WINDOWS\Internet Logs
2008-08-05 17:28:51 0 d-------- C:\Program Files\Abexo
2008-07-30 18:10:41 0 d-------- C:\Program Files\Windows Defender
2008-07-30 09:48:26 0 d-------- C:\Program Files\Citrix
2008-07-28 00:20:15 3272704 --a------ C:\Documents and Settings\atimoney\ntuser.dat
2008-07-24 20:10:41 0 d-------- C:\Program Files\Panda Security
2008-07-24 17:17:29 0 d-------- C:\HJT
2008-07-23 17:24:58 0 d-------- C:\WINDOWS\pss
2008-07-22 20:38:31 0 d-------- C:\Documents and Settings\atimoney\.housecall6.6
2008-07-22 19:04:38 0 d-------- C:\Program Files\Windows Live Safety Center
2008-07-22 18:05:26 0 d-------- C:\Program Files\Trend Micro


-- Find3M Report ---------------------------------------------------------------

2008-08-11 09:32:48 0 d-------- C:\Program Files\LogMeIn
2008-08-05 18:55:26 0 d-------- C:\Program Files\Messenger
2008-08-05 18:49:11 0 d-------- C:\Program Files\Windows NT
2008-08-05 18:49:05 0 d-------- C:\Program Files\Movie Maker
2008-06-27 13:29:51 0 d-------- C:\Documents and Settings\atimoney\Application Data\Adobe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [04/08/2004 13:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [14/03/2007 03:43]
"SoundMan"="SOUNDMAN.EXE" [20/06/2005 20:42 C:\WINDOWS\SOUNDMAN.EXE]
"SiSPower"="SiSPower.dll" [13/07/2005 01:55 C:\WINDOWS\system32\SiSPower.dll]
"Panda Controller Client"="C:\Program Files\Panda Software\AVTC\PSCtrlC.exe" [04/07/2007 07:48]
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [17/04/2007 14:03]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 13:00]

C:\Documents and Settings\atimoney\Start Menu\Programs\Startup\
PC RateLink Client.lnk - C:\misys\PCRATELINK\pcratelink.exe [11/01/2006 15:44:22]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23/09/2005 22:05:26]
Utility Tray.lnk - C:\WINDOWS\system32\sistray.exe [11/01/2006 15:26:14]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
C:\Program Files\Citrix\GoToAssist\508\G2AWinLogon.dll 30/07/2008 09:48 10536 C:\Program Files\Citrix\GoToAssist\508\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 28/05/2008 12:32 87352 C:\WINDOWS\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

*Newly Created Service* - PAVREPORT



-- End of Deckard's System Scanner: finished at 2008-08-11 17:23:37 ------------

#6 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:24 PM

Posted 11 August 2008 - 06:19 PM

Hi do you currently use this program > GoToAssist?
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#7 Mund

Mund
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 12 August 2008 - 03:25 AM

Yes, though rarely.
Do you think it could be causeing the problem?

#8 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:24 PM

Posted 12 August 2008 - 12:12 PM

Yes what you can do is uninstall it.

Then do the following:
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatley.
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image

#9 Mund

Mund
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:24 PM

Posted 14 August 2008 - 03:16 AM

Hi Kahdah,
Thanks for you help, the problem has been solved.
Turns out is was panda active scan trying to update the client.
After uninstalling and reinstalling latest version problems gone.

Thanks again

#10 kahdah

kahdah

  • Security Colleague
  • 11,138 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:09:24 PM

Posted 14 August 2008 - 03:35 AM

Good glad to hear.
Just for good measure can you please run mbam and post it's log please.
Then we will wrap it up.:thumbsup:
Please do not pm for help, post it in the forums instead.

If I am helping you and have not responded for 48 hours please send me a pm as I don't always get notifications.

My help is always free, however, if you would like to make a donation to me for the help I have provided please click here Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users