ossproxy on my computer


7 replies to this topic

#1 nicktiler

Posted 14 April 2009 - 10:27 AM

Hi
Hope I have done everything correctly. Have followed instructions.
Cannot remove this MALWARE / SPYWARE..... oss proxy : My Panda Global protection 2009 cannot remove it

Think I am supposed to attach HijackThis log files so here goes...

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume1
Install Date: 04/01/2009 11:31:21
System Uptime: 13/04/2009 19:03:13 (1 hours ago)

Motherboard: Dell Inc. | | 0WP007
Processor: Intel® Celeron® CPU 540 @ 1.86GHz | Microprocessor | 1862/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 112 GiB total, 75.256 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia 6300
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

Class GUID: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Description: Nokia 6300
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia 6300
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd

==== System Restore Points ===================


==== Installed Programs ======================

ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9
Adobe Shockwave Player 11
AVerMedia HC82 Express-Card Hybrid Analog
AVerMedia MCE Encoder x86 3.0.1.0
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cleanse Uninstaller Pro 5
Cobian Backup 8
Conexant HDA D330 MDC V.92 Modem
Dell Wireless WLAN Card
Digital Camera Driver
Epson Easy Photo Print 2
EPSON Scan
EPSON Stylus SX100_TX100 Manual
EPSON SX100 Series Printer Uninstall
Favorit
FinePixViewer Resource
FinePixViewer Ver.5.4
GEAR Software Drivers
Google Chrome
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Indeo® software
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless Software
Java™ 6 Update 11
Java™ 6 Update 7
Lets PHOTO Express
Marvell Miniport Driver
mCore
mDriver
mHelp
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2005 Redistributable
mMHouse
mPfMgr
mWMI
Nokia Connectivity Cable Driver
Nokia PC Suite
OpenOffice.org 3.0
Panda Global Protection 2009
PC Connectivity Solution
Player
Prevx CSI
RAW FILE CONVERTER LE
RelevantKnowledge
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
Spyware Doctor 6.0
Thomas & Friends - The Great Festival Adventure
Thomas Saves the Day
Tux Paint 0.9.20b
VTech® Photo Editor

==== End Of File ===========================



DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:16:51.30 on 13/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1013.208 [GMT 1:00]

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\RelevantKnowledge\rlservice.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\kqeeqsa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\avciman.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\psimreal.exe
C:\Windows\TEMP\~os122B.tmp\ossproxy.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_S5ABC.tmp" /EF "HKCU"
uRun: [kqeeqsa] "c:\users\owner\appdata\local\kqeeqsa.exe" kqeeqsa
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [PrevxCSI] "c:\program files\prevx\prevx.exe" /bootupreg
mRun: [Cobian Backup 8] "c:\program files\cobian backup 8\Cobian.exe"
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1236715733473
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239213481087
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-4-10 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-4-10 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-4-10 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-4-10 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-4-10 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-4-10 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-4-10 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-4-10 46720]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-4-10 49208]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-4-10 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-4-10 179640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-5 111616]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-4-10 197888]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2009-04-13 19:54 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-13 18:50 <DIR> --d----- c:\program files\Trend Micro
2009-04-13 18:18 22,024 a------- c:\windows\system32\drivers\pxscan.sys
2009-04-13 18:18 <DIR> --d----- c:\program files\Prevx
2009-04-13 18:17 <DIR> --d----- c:\programdata\PrevxCSI
2009-04-13 18:17 <DIR> --d----- c:\progra~2\PrevxCSI
2009-04-13 15:09 81,288 a------- c:\windows\system32\drivers\iksyssec.sys
2009-04-13 15:09 66,952 a------- c:\windows\system32\drivers\iksysflt.sys
2009-04-13 15:09 42,376 a------- c:\windows\system32\drivers\ikfilesec.sys
2009-04-13 15:09 29,576 a------- c:\windows\system32\drivers\kcom.sys
2009-04-13 15:09 <DIR> --d----- c:\users\owner\appdata\roaming\PC Tools
2009-04-13 15:09 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-13 14:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-12 23:36 <DIR> --d----- C:\YTS Windows Media Player_converted
2009-04-12 23:26 389,120 a------- c:\windows\system32\actskn43.ocx
2009-04-12 23:26 188,416 a------- c:\windows\system32\actsplash.ocx
2009-04-12 23:26 647,872 a------- c:\windows\system32\MSCOMCT2.OCX
2009-04-12 23:26 597,834 a------- c:\windows\system32\AS-IFce1.ocx
2009-04-12 23:26 <DIR> --d----- c:\program files\RelevantKnowledge
2009-04-12 19:57 <DIR> --d----- c:\users\owner\appdata\roaming\GetRightToGo
2009-04-10 21:07 <DIR> --d----- c:\program files\YouTube Downloader
2009-04-10 19:32 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2009-04-10 19:32 49,208 a------- c:\windows\system32\drivers\amm8660.sys
2009-04-10 19:32 261 a------- c:\windows\system32\PavCPL.dat
2009-04-10 19:32 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-10 19:32 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-04-10 19:32 198,388 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-10 19:32 198,388 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-04-10 19:32 46,720 a------- c:\windows\system32\drivers\wnmflt.sys
2009-04-10 19:32 193,792 a------- c:\windows\system32\drivers\idsflt.sys
2009-04-10 19:32 52,992 a------- c:\windows\system32\drivers\dsaflt.sys
2009-04-10 19:30 158,848 a------- c:\windows\system32\drivers\NETFLTDI.SYS
2009-04-10 19:30 73,728 a------- c:\windows\system32\drivers\APPFLT.SYS
2009-04-10 19:30 22,072 a------- c:\windows\system32\drivers\fnetmon.sys
2009-04-10 19:29 54,832 a------- c:\windows\system32\pavcpl.cpl
2009-04-10 19:29 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-04-10 19:29 193,280 a------- c:\windows\system32\TpUtil.dll
2009-04-10 19:29 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2009-04-10 19:29 87,296 a------- c:\windows\system32\PavLspHook.dll
2009-04-10 19:29 55,552 a------- c:\windows\system32\pavipc.dll
2009-04-10 19:29 520,448 a------- c:\windows\system32\PavSHook.dll
2009-04-10 19:29 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2009-04-10 19:29 <DIR> --d----- c:\windows\system32\PAV
2009-04-10 19:29 <DIR> --d----- c:\users\owner\appdata\roaming\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\programdata\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\program files\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\progra~2\Panda Security
2009-04-10 19:19 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-10 19:18 179,640 a------- c:\windows\system32\drivers\PavProc.sys
2009-04-10 19:18 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2009-04-10 18:36 <DIR> --d----- c:\users\owner\appdata\roaming\IObit
2009-04-10 18:36 <DIR> --d----- c:\program files\IObit
2009-04-10 18:15 <DIR> --d----- c:\users\owner\appdata\roaming\CleanMyPC Software
2009-04-10 18:15 <DIR> a-d----- c:\programdata\TEMP
2009-04-10 18:09 <DIR> --d----- c:\program files\Zards software
2009-04-10 17:38 423 a------- c:\windows\AvDetected.ini
2009-04-09 19:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-07 21:00 <DIR> --d----- c:\program files\Playinator
2009-04-06 21:31 <DIR> --d----- c:\program files\Sincell
2009-04-06 21:20 <DIR> --d----- c:\programdata\WindowsSearch
2009-04-06 07:23 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-05 20:21 <DIR> --d----- C:\PerfLogs

==================== Find3M ====================

2009-04-10 19:31 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-10 19:31 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 19:31 86,016 a------- c:\windows\inf\infstor.dat
2009-04-05 20:34 174 a--sh--- c:\program files\desktop.ini
2009-04-05 20:21 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-05 19:53 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-05 19:53 82,432 a------- c:\windows\system32\axaltocm.dll
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-25 11:16 362 a------- c:\users\owner\appdata\roaming\wklnhst.dat
2009-01-15 07:11 827,392 a------- c:\windows\system32\wininet.dll
2009-01-13 20:58 410,984 a------- c:\windows\system32\deploytk.dll
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-07 19:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-07 19:00 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-07 19:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:20:22.62 ===============


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:11:35, on 13/04/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\kqeeqsa.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
c:\program files\relevantknowledge\rlvknlg.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [PrevxCSI] "C:\Program Files\Prevx\prevx.exe" /bootupreg
O4 - HKLM\..\RunOnce: [NSSInstallation] C:\Windows\System32\Adobe\Shockwave 11\nssstub.exe /RunOnce
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEDE.EXE /FU "C:\Windows\TEMP\E_S5ABC.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [kqeeqsa] "c:\users\owner\appdata\local\kqeeqsa.exe" kqeeqsa
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: ExifLauncher2.lnk = C:\Program Files\FinePixViewer\QuickDCF2.exe
O13 - Gopher Prefix:
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1236715733473
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1239213481087
O20 - AppInit_DLLs:
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 8186 bytes
Apologies in advance if I have done this incorrectly!
Thanks and regards
Nick

Edited by nicktiler, 14 April 2009 - 10:32 AM.



#2 KoanYorel

Posted 27 April 2009 - 01:27 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 nicktiler

Posted 27 April 2009 - 03:57 PM

Thanks for your response
Do not know if I have got rid of it, but I think I may have abated it by using Spybot
Anyway here goes
DDS (Ver_09-03-16.01) - NTFSx86
Run by Owner at 20:01:54.02 on 27/04/2009
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.44.1033.18.1013.235 [GMT 1:00]

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\Windows\SYSTEM32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Windows\system32\svchost -k Panda
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\ApVxdWin.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\SYSTEM32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\FinePixViewer\QuickDCF2.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Owner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Owner\Documents\Downloads\dds (1).scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\owner\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON SX100 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiede.exe /fu "c:\windows\temp\E_S5ABC.tmp" /EF "HKCU"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [kqeeqsa] "c:\users\owner\appdata\local\kqeeqsa.exe" kqeeqsa
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PCSuiteTrayApplication] c:\program files\nokia\nokia pc suite 6\LaunchApplication.exe -startup
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
mRun: [Cobian Backup 8] "c:\program files\cobian backup 8\Cobian.exe"
mRunOnce: [NSSInstallation] c:\windows\system32\adobe\shockwave 11\nssstub.exe /RunOnce
dRun: [PcSync] c:\program files\nokia\nokia pc suite 6\PcSync2.exe /NoDialog
StartupFolder: c:\users\owner\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\exifla~1.lnk - c:\program files\finepixviewer\QuickDCF2.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
Notify: igfxcui - igfxdev.dll
AppInit_DLLs:

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-4-10 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-4-10 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-4-10 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-4-10 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-4-10 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-4-10 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-4-10 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-4-10 46720]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-4-10 49208]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-4-10 13880]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-4-10 179640]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2009-1-5 111616]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-4-10 197888]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2009-04-23 20:15 <DIR> --d----- c:\program files\Peach Digital Ltd
2009-04-23 20:15 299,520 a------- c:\windows\uninst.exe
2009-04-19 18:24 <DIR> --d----- C:\SDFix
2009-04-16 21:15 <DIR> --d----- c:\programdata\Lavasoft
2009-04-16 05:35 376,832 a------- c:\windows\system32\winhttp.dll
2009-04-15 22:36 2,210 a------- c:\windows\wininit.ini
2009-04-13 23:20 <DIR> --d----- c:\programdata\Spybot - Search & Destroy
2009-04-13 23:20 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-13 23:20 <DIR> --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-13 19:54 <DIR> --d----- c:\program files\Cobian Backup 8
2009-04-13 18:50 <DIR> --d----- c:\program files\Trend Micro
2009-04-13 14:48 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-12 23:36 <DIR> --d----- C:\YTS Windows Media Player_converted
2009-04-12 23:26 389,120 a------- c:\windows\system32\actskn43.ocx
2009-04-12 23:26 188,416 a------- c:\windows\system32\actsplash.ocx
2009-04-12 23:26 647,872 a------- c:\windows\system32\MSCOMCT2.OCX
2009-04-12 23:26 597,834 a------- c:\windows\system32\AS-IFce1.ocx
2009-04-12 19:57 <DIR> --d----- c:\users\owner\appdata\roaming\GetRightToGo
2009-04-10 21:07 <DIR> --d----- c:\program files\YouTube Downloader
2009-04-10 19:32 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2009-04-10 19:32 49,208 a------- c:\windows\system32\drivers\amm8660.sys
2009-04-10 19:32 261 a------- c:\windows\system32\PavCPL.dat
2009-04-10 19:32 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-10 19:32 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-04-10 19:32 204,904 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-10 19:32 204,904 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-04-10 19:32 46,720 a------- c:\windows\system32\drivers\wnmflt.sys
2009-04-10 19:32 193,792 a------- c:\windows\system32\drivers\idsflt.sys
2009-04-10 19:32 52,992 a------- c:\windows\system32\drivers\dsaflt.sys
2009-04-10 19:30 158,848 a------- c:\windows\system32\drivers\NETFLTDI.SYS
2009-04-10 19:30 73,728 a------- c:\windows\system32\drivers\APPFLT.SYS
2009-04-10 19:30 22,072 a------- c:\windows\system32\drivers\fnetmon.sys
2009-04-10 19:29 54,832 a------- c:\windows\system32\pavcpl.cpl
2009-04-10 19:29 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-04-10 19:29 193,280 a------- c:\windows\system32\TpUtil.dll
2009-04-10 19:29 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2009-04-10 19:29 87,296 a------- c:\windows\system32\PavLspHook.dll
2009-04-10 19:29 55,552 a------- c:\windows\system32\pavipc.dll
2009-04-10 19:29 520,448 a------- c:\windows\system32\PavSHook.dll
2009-04-10 19:29 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2009-04-10 19:29 <DIR> --d----- c:\windows\system32\PAV
2009-04-10 19:29 <DIR> --d----- c:\users\owner\appdata\roaming\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\programdata\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\program files\Panda Security
2009-04-10 19:29 <DIR> --d----- c:\progra~2\Panda Security
2009-04-10 19:19 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-10 19:18 179,640 a------- c:\windows\system32\drivers\PavProc.sys
2009-04-10 19:18 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2009-04-10 18:36 <DIR> --d----- c:\users\owner\appdata\roaming\IObit
2009-04-10 18:36 <DIR> --d----- c:\program files\IObit
2009-04-10 18:15 <DIR> --d----- c:\users\owner\appdata\roaming\CleanMyPC Software
2009-04-10 18:15 <DIR> a-d----- c:\programdata\TEMP
2009-04-10 18:09 <DIR> --d----- c:\program files\Zards software
2009-04-10 17:38 423 a------- c:\windows\AvDetected.ini
2009-04-09 19:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-07 21:00 <DIR> --d----- c:\program files\Playinator
2009-04-06 21:31 <DIR> --d----- c:\program files\Sincell
2009-04-06 21:20 <DIR> --d----- c:\programdata\WindowsSearch
2009-04-06 07:23 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-05 20:21 <DIR> --d----- C:\PerfLogs

==================== Find3M ====================

2009-04-10 19:31 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-10 19:31 51,200 a------- c:\windows\inf\infpub.dat
2009-04-10 19:31 86,016 a------- c:\windows\inf\infstor.dat
2009-04-05 20:34 174 a--sh--- c:\program files\desktop.ini
2009-04-05 20:21 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-05 19:53 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-05 19:53 82,432 a------- c:\windows\system32\axaltocm.dll
2009-03-17 04:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 04:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 04:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-03 05:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 05:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 05:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 05:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 05:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 05:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 05:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 05:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 05:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 05:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 04:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 03:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 03:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-02-13 09:49 72,704 a------- c:\windows\system32\secur32.dll
2009-02-13 09:49 1,255,936 a------- c:\windows\system32\lsasrv.dll
2009-02-09 04:10 2,033,152 a------- c:\windows\system32\win32k.sys
2009-01-25 11:16 362 a------- c:\users\owner\appdata\roaming\wklnhst.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 13:39 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 13:39 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2009-01-07 19:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2009-01-07 19:00 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2009-01-07 19:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 20:05:41.98 ===============

Hope this makes sense to you !!!
Regards
Nick


#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:36 PM

Posted 27 April 2009 - 07:18 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Are you having any other problems or concerns? Do all of your scans come up clean now?
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 nicktiler

nicktiler
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 28 April 2009 - 01:58 PM

Hi thanks for your response
I downloaded Spybot search and destroy, ran in safe mode as administrator, cleaned and fixed flagged problems.
Also selected option to immunise system......
This seemed to work to some degree as prior to this my Panda Global Protection kept informing me that I had a virus problem, but it could not remove it.
After running Spybot as described my Panda stopped telling me I had a virus....
So I assume it has either gone or has been immunised on startup by Spybot !!!

#6 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:36 PM

Posted 28 April 2009 - 07:05 PM

Do you remember what the Virus was that Panda kept telling you about? Is it in a log somewhere in Panda (I am not real familiar with the inner workings of Panda).

#7 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • OFFLINE
  •  
  • Location:Mikado Michigan
  • Local time:07:36 PM

Posted 06 May 2009 - 04:00 PM

This thread is closed due to inactivity.
If you need this topic reopened, please send me a PM. This applies to the thread originator only, all others start a new thread.

#8 nicktiler

nicktiler
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:08:36 PM

Posted 08 May 2009 - 05:39 AM

Hi
log as requested.
Panda detected and tried to disinfect, but it kept coming back.
Once I had installed and run Spybot in safe mode as administrator, also selecting option to immunise system, Panda ceased to detect it was there.
Does this mean that it has gone ? Or has Spybot just stopped it from running at startup ?
Thanks for your assistance
Regards
Nick
