Can't update AV or Windows


  • This topic is locked
3 replies to this topic

#1 dlaydii

dlaydii

  • Members
  • 1 posts

Posted 22 May 2009 - 09:54 AM

Hi
I was wondering if someone could please help me.
I am unable to update any antivirus on my laptop. I was using AVG Free, which I uninstalled as it wouldn't update, and I then installed Panda 2009. This also does not update and tells me to check my internet connection.

The same occurs when I try to run my Windows update.

Another issue is that every time I search on Google, when I click on the links it directs me to another page. I also noticed I could not get to any AV sites.

I am not sure if this is related, but a few nights ago my wireless stopped working also. And I am unable to run the Windows update to see if this will fix it.

I have since downloaded Malwarebytes, and it removed about 20 infected files. I have since been able to access AV sites, but still cannot run any updates. When I run Malwarebytes now, no infected files come up.

If someone could please help me that would be greatly appreciated. I do not know much about computers except for basic usage knowledge.

Please find my DDS log below, as requested:

DDS (Ver_09-05-14.01) - NTFSx86
Run by user at 0:42:13.73 on Sat 23/05/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.61.1033.18.958.299 [GMT 10:00]

AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro Internet Security *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Panda Global Protection 2009 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost -k Panda
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrvx86.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
C:\Windows\system32\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Samsung\Samsung Media Studio 5\SMSTray.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\user\Program Files\DNA\btdna.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10a.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://au.yahoo.com
mDefault_Page_URL = hxxp://au.yahoo.com
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.1119.1736\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Veoh] "c:\program files\veoh networks\veoh\VeohClient.exe" /VeohHide
uRun: [<NO NAME>]
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [BitTorrent DNA] "c:\users\user\program files\dna\btdna.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WinampAgent] c:\program files\winamp\winampa.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SMSTray] c:\program files\samsung\samsung media studio 5\SMSTray.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NBKeyScan] "c:\program files\nero\nero8\nero backitup\NBKeyScan.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search -
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w2/resources/VistaMSNPUplden-au.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} - hxxp://download.sp.f-secure.com/ols/f-secure-rtm/resources/fslauncher.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\user\appdata\roaming\mozilla\firefox\profiles\1euie41c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=3&q=
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://search.shareazaweb.com/au/
FF - component: c:\users\user\appdata\roaming\mozilla\firefox\profiles\1euie41c.default\extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\components\FFAlert.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\user\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\user\program files\dna\plugins\npbtdna.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-5-17 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-5-17 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-5-17 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-5-17 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-5-17 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-5-17 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-5-17 41144]
R1 tmlwf;Trend Micro NDIS 6.0 Filter Driver;c:\windows\system32\drivers\tmlwf.sys [2007-9-17 141840]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-5-17 46720]
R2 AmFSM;AmFSM;c:\windows\system32\drivers\amm8660.sys [2009-5-17 49208]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-5-17 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-5-20 179856]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-5-17 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2009\psksvc.exe [2009-5-17 28928]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2007-9-17 52368]
R2 tmwfp;Trend Micro WFP Callout Driver;c:\windows\system32\drivers\tmwfp.sys [2007-9-17 228368]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-5-20 15504]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-5-17 197888]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-3-27 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 TmPfw;Trend Micro Personal Firewall;c:\progra~1\trendm~1\intern~1\TmPfw.exe [2008-1-16 480520]

=============== Created Last 30 ================

2009-05-20 20:30 <DIR> --d----- c:\users\user\appdata\roaming\Malwarebytes
2009-05-20 20:04 <DIR> --d----- c:\programdata\Office Genuine Advantage
2009-05-20 19:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-05-20 19:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-20 19:54 <DIR> --d----- c:\programdata\Malwarebytes
2009-05-20 19:54 <DIR> --d----- c:\progra~2\Malwarebytes
2009-05-20 19:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-05-20 18:28 <DIR> --d----- c:\program files\Broadcom
2009-05-17 21:58 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2009-05-17 21:57 49,208 a------- c:\windows\system32\drivers\amm8660.sys
2009-05-17 21:57 261 a------- c:\windows\system32\PavCPL.dat
2009-05-17 21:57 229,172 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-05-17 21:57 229,172 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-05-17 21:57 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-05-17 21:57 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-05-17 21:57 46,720 a------- c:\windows\system32\drivers\wnmflt.sys
2009-05-17 21:57 52,992 a------- c:\windows\system32\drivers\dsaflt.sys
2009-05-17 21:57 193,792 a------- c:\windows\system32\drivers\idsflt.sys
2009-05-17 21:56 158,848 a------- c:\windows\system32\drivers\NETFLTDI.SYS
2009-05-17 21:56 73,728 a------- c:\windows\system32\drivers\APPFLT.SYS
2009-05-17 21:56 22,072 a------- c:\windows\system32\drivers\fnetmon.sys
2009-05-17 21:56 <DIR> --d----- c:\programdata\Backup
2009-05-17 21:56 <DIR> --d----- c:\progra~2\Backup
2009-05-17 21:55 54,832 a------- c:\windows\system32\pavcpl.cpl
2009-05-17 21:55 446,464 a------- c:\windows\system32\HHActiveX.dll
2009-05-17 21:55 193,280 a------- c:\windows\system32\TpUtil.dll
2009-05-17 21:55 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2009-05-17 21:55 87,296 a------- c:\windows\system32\PavLspHook.dll
2009-05-17 21:55 55,552 a------- c:\windows\system32\pavipc.dll
2009-05-17 21:55 520,448 a------- c:\windows\system32\PavSHook.dll
2009-05-17 21:55 197,888 a------- c:\windows\system32\drivers\neti1634.sys
2009-05-17 21:55 <DIR> --d----- c:\windows\system32\PAV
2009-05-17 21:55 <DIR> --d----- c:\users\user\appdata\roaming\Panda Security
2009-05-17 21:55 <DIR> --d----- c:\programdata\Panda Security
2009-05-17 21:55 <DIR> --d----- c:\program files\Panda Security
2009-05-17 21:55 <DIR> --d----- c:\progra~2\Panda Security
2009-05-17 21:54 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-05-17 21:53 179,640 a------- c:\windows\system32\drivers\PavProc.sys
2009-05-17 21:53 41,144 a------- c:\windows\system32\drivers\ShlDrv51.sys
2009-05-17 21:53 <DIR> --d----- c:\program files\common files\Panda Security
2009-05-17 21:08 143 a------- c:\windows\AvDetected.ini
2009-05-17 19:39 <DIR> --d----- c:\programdata\Downloaded Installations
2009-05-17 19:39 <DIR> --d----- c:\progra~2\Downloaded Installations

==================== Find3M ====================

2009-05-21 23:37 12,978 a------- c:\users\user\appdata\roaming\nvModes.dat
2009-05-21 20:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-05-21 20:34 51,200 a------- c:\windows\inf\infpub.dat
2009-05-21 20:34 86,016 a------- c:\windows\inf\infstor.dat
2009-03-17 13:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-17 13:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-17 13:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-09 04:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-03 14:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 14:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 14:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 14:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 14:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 14:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 14:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 14:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 14:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 14:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 13:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 12:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-03 12:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2008-10-07 11:46 174 a--sh--- c:\program files\desktop.ini
2008-10-07 11:28 665,600 a------- c:\windows\inf\drvindex.dat
2007-08-26 21:15 0 a------- c:\users\user\appdata\roaming\wklnhst.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 22:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 22:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 19:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 19:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2008-12-17 14:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\history\history.ie5\index.dat
2008-12-17 14:00 32,768 a--sh--- c:\windows\serviceprofiles\localservice\appdata\local\microsoft\windows\temporary internet files\content.ie5\index.dat
2008-12-17 14:00 16,384 a--sh--- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\cookies\index.dat

============= FINISH: 0:45:31.69 ===============



#2 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,688 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 May 2009 - 12:05 AM

Hi dlaydii,

Welcome to the BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.

Your log(s) show that you are using so-called peer-to-peer or file-sharing programs. These programs allow files to be shared between users, as the name(s) suggest. In today's world, cyber crime has grown to enormous dimensions, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further reading on this subject, along with the included links, is as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

Removal Instructions
  • Empty all p2p (Bittorrent, LimeWire, etc...) download folders. They might contain infected files. Please avoid using these p2p applications until the system is clean. Using these applications at this stage might lead to reinfection or infecting other users.

  • I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
    1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
    2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
    I also see in your log that you are running two firewalls. Having two firewalls means every connection should pass through two security check points, which means prolonging the connection time without adding more security. I suggest you use one of them and uninstall the other.
    Therefore please go to add/remove in the control panel and remove either Panda Global Protection 2009 or Trend Micro Internet Security.

  • You have the latest version of Java and it is good. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components:
    Click "start" and then the "Control Panel" icon.
    Double-click the "Add or Remove Programs" icon.
    A list of programs installed will be "populated"; this may take a bit of time.
    Uninstall the following by clicking on the following entries and selecting "remove":

    Java™ SE Runtime Environment 6

  • Open your Malwarebytes' Anti-Malware, first update it, run a "quick scan", let it reboot if needed and copy/paste the log to your reply.
    If you could not update MBAM, update MBAM manually. To do that download mbam-rules.exe.
    Double-click mbam-rules.exe to run it.
    Then run MBAM, let it remove what it finds, reboot if needed and post the log.
    Note: The logs are saved by default under the Logs tab. If the log did not automatically open you can obtain the latest log from there.

  • Please run Hijackthis. Click Do a system scan and save a logfile, then copy and paste the content of the log to your reply.

Please include in your next reply:
  • The log of MBAM.
  • A Hijackthis log.
  • Any comment or feedback about how it went.
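
Added example (not part of the original thread, and not code from DDS or from either poster): a short Python triage of the Security Center lines at the top of the DDS log in post #1, listing the categories that have more than one product registered and the products reporting a disabled state, which is the overlap the reply above points out. The AV/SP/FW prefixes are read here as antivirus, antispyware and firewall; the function names are hypothetical.

```python
import re
from collections import defaultdict, namedtuple

# Security Center lines copied verbatim from the DDS log in post #1.
DDS_HEADER = """\
AV: Panda Global Protection 2009 *On-access scanning disabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
SP: Trend Micro Internet Security *disabled* (Updated) {003DD9A8-02A6-43CF-81BA-5D403CAD001E}
SP: Panda Global Protection 2009 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
FW: Trend Micro Personal Firewall *disabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
"""

Entry = namedtuple("Entry", "kind product state updated guid")

LINE_RE = re.compile(
    r"^(AV|SP|FW):\s+(.+?)\s+\*([^*]+)\*"   # category, product name, *state*
    r"(?:\s+\(([^)]+)\))?"                   # optional status in parentheses
    r"\s+(\{[0-9A-Fa-f-]+\})\s*$"            # product GUID
)


def parse_security_center(log_text):
    """Return one Entry per AV:/SP:/FW: line; all other log lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(Entry(*match.groups()))
    return entries


def overlapping_products(entries):
    """Map each category to its product names when more than one is registered."""
    by_kind = defaultdict(set)
    for entry in entries:
        by_kind[entry.kind].add(entry.product)
    return {kind: sorted(names) for kind, names in by_kind.items() if len(names) > 1}


def disabled_products(entries):
    """List (category, product) pairs whose reported state contains 'disabled'."""
    return [(e.kind, e.product) for e in entries if "disabled" in e.state.lower()]


def triage(log_text):
    """Summarise a DDS log: entry count, overlapping categories, disabled products."""
    entries = parse_security_center(log_text)
    return {
        "entries": len(entries),
        "overlaps": overlapping_products(entries),
        "disabled": disabled_products(entries),
    }


if __name__ == "__main__":
    report = triage(DDS_HEADER)
    for kind, names in report["overlaps"].items():
        print(f"{kind}: {len(names)} products registered: {', '.join(names)}")
    for kind, name in report["disabled"]:
        print(f"{kind}: {name} reports protection disabled")
```

On the log from post #1 this reports two antivirus products, three antispyware products and two firewalls, with every one of them showing a disabled state.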


#3 Farbar


Posted 26 May 2009 - 06:53 PM

I'll wait one more day before closing the topic.

#4 Farbar


Posted 29 May 2009 - 05:52 AM

This thread will now be closed due to inactivity.

If you should have the same issue or a new issue, please start a new topic.



