Making sure my comp is clean after malwarebytes and panda deleted malware

View previous topic View next topic Go down

Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 5th December 2009, 9:53 am

Hi,
I performed scans from Panda security 2009 and malwarebytes which found various malware and were deleted and I wanted to know if my system is safe. I am skeptical that my system is free of malware because in the task manager I see about four svchost.exe names pop up but since I am not to familiar with computers I may be wrong. The malwarebytes log is posted below and I apologize for not posting a hijack this but it was because I was unable to download it from the link given on this site. Panda Security picked up two hacker tools dubbed killti.exe and powerreg... Please help

Malwarebytes' Anti-Malware 1.41
Database version: 2854
Windows 5.1.2600 Service Pack 3

9/24/2009 1:35:36 AM
mbam-log-2009-09-24 (01-35-36).txt

Scan type: Quick Scan
Objects scanned: 141774
Time elapsed: 17 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 23
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 8

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljjaqgwu (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{44aa84d1-6630-4de0-b1c2-6a01921c48b2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\evenntf (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{44aa84d1-6630-4de0-b1c2-6a01921c48b2} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8b27cc68-110c-46a9-80d3-f3107de6eb98} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\WR (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpre (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{24e9519b-3f70-429b-99bc-4b2b49b96f66} (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tony\Start Menu\Programs\Internet Speed Monitor (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bharebio01 (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\ljJAQGwU.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\evenntf.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSINET.oca (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Tony\Start Menu\Programs\Internet Speed Monitor\Uninstall.lnk (Adware.AdSponsor) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\BMab36dbf2.txt (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\BMab36dbf2.xml (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 5th December 2009, 4:19 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 5th December 2009, 7:21 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:14 AM, on 12/5/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16915)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O2 - BHO: HP Smart Web Printing 1.0 - {AE84A6AA-A333-4B92-B276-C11E2212E4FE} - C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {FCDA0C53-3379-43F8-AFAF-F4C70CC08A5A} - C:\WINDOWS\system32\efcDVPij.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: ooVoo Toolbar - {A1FB2F9A-D35E-11DD-8935-E46A56D89593} - C:\Program Files\oovootb\oovoodx.dll
O3 - Toolbar: Dictionary.com Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ShowLOMControl] 
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] "C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Global Protection 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Global Protection 2009\Inicio.exe"
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: SafeConnect.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - [You must be registered and logged in to see this link.] Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SafeConnect Manager (SCManager) - Unknown owner - C:\Program Files\SafeConnect\scManager.sys servicestart (file missing)
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 14252 bytes

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 5th December 2009, 7:46 pm

Hello.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run.
  • When complete, two logs will open. Save both of the report to your Desktop.
  • Copy and paste BOTH LOGS back here, use more than one post if needed.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 5th December 2009, 8:38 pm

DDS (Ver_09-12-01.01) - NTFSx86
Run by Tony at 12:12:29.10 on Sat 12/05/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.153 [GMT -8:00]

AV: Panda Global Protection 2009 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2009 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Global Protection 2009\TPSrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2009\WebProxy.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost -k Panda
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Panda Security\Panda Global Protection 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\PskSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SafeConnect\scManager.sys
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\AVENGINE.EXE
c:\program files\panda security\panda global protection 2009\firewall\PSHOST.EXE
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\ApvxdWin.exe
C:\Program Files\Panda Security\Panda Global Protection 2009\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2009\PavBckPT.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\SafeConnect\scClient.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\ooVoo\ooVoo.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Tony\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearch Bar = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
BHO: CPrintEnhancer Object: {ae84a6aa-a333-4b92-b276-c11e2212e4fe} - c:\program files\hp\smart web printing\SmartWebPrinting.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {fcda0c53-3379-43f8-afaf-f4c70cc08a5a} - c:\windows\system32\efcDVPij.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: ooVoo Toolbar: {a1fb2f9a-d35e-11dd-8935-e46a56d89593} - c:\program files\oovootb\oovoodx.dll
TB: Dictionary.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {A057A204-BACC-4D26-8087-36EE87E26986} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Steam] c:\program files\steam\Steam.exe -silent
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: []
mRun: [IntelWireless] c:\program files\intel\wireless\bin\ifrmewrk.exe /tf Intel PROSet/Wireless
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [ShowLOMControl] 1 (0x1)
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Logitech Hardware Abstraction Layer] "c:\program files\common files\logitech\khalshared\KHALMNPR.EXE"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2009\Inicio.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\safeco~1.lnk - c:\program files\safeconnect\scClient.exe
IE: &Yahoo! Search - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsrch.htm
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office10\EXCEL.EXE/3000
IE: Yahoo! &Dictionary - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycdict.htm
IE: Yahoo! &Maps - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycmap.htm
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\yahoo!\Common/ycsms.htm
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\aim95\aim.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: musicmatch.com\online
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - [You must be registered and logged in to see this link.]
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - [You must be registered and logged in to see this link.]
DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - [You must be registered and logged in to see this link.]
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - [You must be registered and logged in to see this link.]
DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - [You must be registered and logged in to see this link.]
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
Notify: IntelWireless - c:\program files\intel\wireless\bin\LgNotify.dll
Notify: WRNotifier - WRLogonNTF.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\efcDVPij

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\mv0otdmb.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - m.www.yahoo.com
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\documents and settings\tony\application data\mozilla\firefox\profiles\mv0otdmb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071301000019.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - hȋdden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - hȋdden: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, falsec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-11-29 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-11-29 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-11-29 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-11-29 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-11-29 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-11-29 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-11-29 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-11-29 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2007-1-14 3712]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2009\PsCtrlS.exe [2009-11-29 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-11-29 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2009\PavFnSvr.exe [2009-11-29 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-11-29 179640]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-11-29 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2009\PAVSRV51.EXE [2009-11-29 288512]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2009\psksvc.exe [2009-11-29 28928]
R2 SCManager;SafeConnect Manager;c:\program files\safeconnect\scmanager.sys servicestart --> c:\program files\safeconnect\scManager.sys servicestart [?]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-23 24652]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-11-29 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-11-29 197888]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2009-12-01 08:37:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Software
2009-11-29 22:44:36 8627 ----a-w- c:\windows\system32\PAV_FOG.OPC
2009-11-29 22:37:46 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2009-11-29 22:33:28 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
2009-11-29 22:33:24 261 ----a-w- c:\windows\system32\PavCPL.dat
2009-11-29 22:33:21 231164 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-11-29 22:33:21 231164 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2009-11-29 22:33:21 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-11-29 22:33:21 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2009-11-29 22:33:14 52992 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2009-11-29 22:33:14 46720 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2009-11-29 22:33:14 193792 ----a-w- c:\windows\system32\drivers\idsflt.sys
2009-11-29 22:33:00 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2009-11-29 22:32:59 73728 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2009-11-29 22:32:59 158848 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2009-11-29 22:32:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Backup
2009-11-29 22:32:12 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2009-11-29 22:31:41 446464 ----a-w- c:\windows\system32\HHActiveX.dll
2009-11-29 22:31:21 193280 ----a-w- c:\windows\system32\TpUtil.dll
2009-11-29 22:31:20 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2009-11-29 22:31:20 55552 ----a-w- c:\windows\system32\pavipc.dll
2009-11-29 22:31:20 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2009-11-29 22:31:16 520448 ----a-w- c:\windows\system32\PavSHook.dll
2009-11-29 22:31:05 197888 ----a-w- c:\windows\system32\drivers\neti1634.sys
2009-11-29 22:30:56 58672 ----a-w- c:\windows\system32\avldr.dll
2009-11-29 22:30:56 0 d-----w- c:\windows\system32\PAV
2009-11-29 22:30:40 0 d-----w- c:\docume~1\tony\applic~1\Panda Security
2009-11-29 22:30:39 0 d-----w- c:\program files\Panda Security
2009-11-29 22:30:39 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Security
2009-11-29 22:28:51 28544 ----a-w- c:\windows\system32\drivers\pavboot.sys
2009-11-29 22:26:55 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys
2009-11-29 22:26:55 179640 ----a-r- c:\windows\system32\drivers\PavProc.sys
2009-11-29 22:26:54 0 d-----w- c:\program files\common files\Panda Security
2009-11-29 10:16:21 0 d-----w- c:\docume~1\tony\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-13 22:24:45 0 d-----w- c:\program files\SafeConnect
2009-11-12 04:53:05 0 d-----w- c:\windows\048298C9A4D3490B9FF9AB023A9238F3.TMP
2009-11-06 02:14:42 41872 ----a-w- c:\windows\system32\xfcodec.dll

==================== Find3M ====================

2009-12-05 18:54:57 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-05 18:54:51 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2009-12-05 02:57:22 7050 --sha-w- c:\windows\system32\KGyGaAvL.sys
2009-12-04 00:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-04 00:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-26 07:21:25 38496 -c--a-w- c:\docume~1\tony\applic~1\GDIPFONTCACHEV1.DAT
2009-10-21 04:08:54 3598336 ----a-w- c:\windows\system32\dllcache\mshtml.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-11 14:18:39 136192 ------w- c:\windows\system32\dllcache\msv1_0.dll
2007-11-12 09:31:24 56 --sh--r- c:\windows\system32\F494ADB7DE.sys
2008-04-10 16:52:20 358095 --sha-w- c:\windows\system32\jiPVDcfe.ini2
2009-01-09 05:14:42 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010820090109\index.dat

============= FINISH: 12:13:34.79 ===============

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 5th December 2009, 8:39 pm

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/5/2006 11:46:21 PM
System Uptime: 12/5/2009 10:54:26 AM (2 hours ago)

Motherboard: Dell Inc. | | 0HC416
Processor: Intel(R) Pentium(R) M processor 1.73GHz | Microprocessor | 1054/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 50 GiB total, 7.433 GiB free.
D: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: 1394 Net Adapter
Device ID: V1394\NIC1394\3A116D21424FC000
Manufacturer: Microsoft
Name: 1394 Net Adapter
PNP Device ID: V1394\NIC1394\3A116D21424FC000
Service: NIC1394

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) PRO/Wireless 2200BG Network Connection
Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Manufacturer: Intel(R) Corporation
Name: Intel(R) PRO/Wireless 2200BG Network Connection
PNP Device ID: PCI\VEN_8086&DEV_4220&SUBSYS_27218086&REV_05\4&2FA23535&0&18F0
Service: w29n51

==== System Restore Points ===================

RP681: 10/22/2009 12:59:11 AM - Software Distribution Service 3.0
RP682: 10/22/2009 5:54:47 PM - Software Distribution Service 3.0
RP683: 10/23/2009 3:00:26 AM - Software Distribution Service 3.0
RP684: 10/23/2009 7:46:34 PM - Software Distribution Service 3.0
RP685: 10/23/2009 11:44:42 PM - Software Distribution Service 3.0
RP686: 10/25/2009 12:54:39 AM - Software Distribution Service 3.0
RP687: 10/25/2009 12:00:34 PM - Software Distribution Service 3.0
RP688: 10/26/2009 12:23:31 AM - Software Distribution Service 3.0
RP689: 10/27/2009 12:10:44 AM - Software Distribution Service 3.0
RP690: 10/27/2009 1:12:46 PM - Software Distribution Service 3.0
RP691: 10/28/2009 7:31:28 AM - Software Distribution Service 3.0
RP692: 10/29/2009 12:44:33 AM - Software Distribution Service 3.0
RP693: 10/29/2009 6:13:04 PM - Software Distribution Service 3.0
RP694: 10/30/2009 3:00:23 AM - Software Distribution Service 3.0
RP695: 10/30/2009 11:54:30 AM - Software Distribution Service 3.0
RP696: 10/30/2009 11:19:43 PM - Software Distribution Service 3.0
RP697: 10/31/2009 1:27:19 PM - Software Distribution Service 3.0
RP698: 11/1/2009 1:24:13 AM - Software Distribution Service 3.0
RP699: 11/2/2009 6:24:27 AM - Software Distribution Service 3.0
RP700: 11/3/2009 1:36:14 AM - Software Distribution Service 3.0
RP701: 11/3/2009 6:52:36 PM - Software Distribution Service 3.0
RP702: 11/3/2009 11:21:49 PM - Software Distribution Service 3.0
RP703: 11/4/2009 10:16:06 AM - Software Distribution Service 3.0
RP704: 11/5/2009 10:47:00 AM - Software Distribution Service 3.0
RP705: 11/6/2009 1:47:46 PM - System Checkpoint
RP706: 11/7/2009 12:28:43 AM - Software Distribution Service 3.0
RP707: 11/7/2009 11:59:36 PM - System Checkpoint
RP708: 11/8/2009 12:48:05 AM - Software Distribution Service 3.0
RP709: 11/9/2009 7:16:53 AM - Software Distribution Service 3.0
RP710: 11/10/2009 3:00:23 AM - Software Distribution Service 3.0
RP711: 11/10/2009 11:59:08 PM - Software Distribution Service 3.0
RP712: 11/11/2009 1:14:34 PM - Software Distribution Service 3.0
RP713: 11/11/2009 5:03:22 PM - Software Distribution Service 3.0
RP714: 11/11/2009 11:31:28 PM - Software Distribution Service 3.0
RP715: 11/12/2009 9:28:22 AM - Software Distribution Service 3.0
RP716: 11/12/2009 4:33:02 PM - Software Distribution Service 3.0
RP717: 11/12/2009 11:25:28 PM - Software Distribution Service 3.0
RP718: 11/13/2009 5:20:02 PM - Software Distribution Service 3.0
RP719: 11/14/2009 1:28:49 AM - Software Distribution Service 3.0
RP720: 11/14/2009 11:46:24 AM - Software Distribution Service 3.0
RP721: 11/15/2009 3:00:23 AM - Software Distribution Service 3.0
RP722: 11/16/2009 1:28:21 AM - Software Distribution Service 3.0
RP723: 11/17/2009 1:53:55 AM - Software Distribution Service 3.0
RP724: 11/17/2009 5:53:36 PM - Software Distribution Service 3.0
RP725: 11/18/2009 12:55:24 AM - Software Distribution Service 3.0
RP726: 11/18/2009 11:29:48 PM - Software Distribution Service 3.0
RP727: 11/19/2009 5:59:19 PM - Software Distribution Service 3.0
RP728: 11/20/2009 1:38:50 AM - Software Distribution Service 3.0
RP729: 11/20/2009 10:07:10 PM - Software Distribution Service 3.0
RP730: 11/21/2009 11:32:30 PM - Software Distribution Service 3.0
RP731: 11/22/2009 10:27:23 AM - Software Distribution Service 3.0
RP732: 11/23/2009 1:23:41 AM - Software Distribution Service 3.0
RP733: 11/23/2009 9:22:12 AM - Software Distribution Service 3.0
RP734: 11/23/2009 6:31:41 PM - Software Distribution Service 3.0
RP735: 11/24/2009 1:49:33 AM - Software Distribution Service 3.0
RP736: 11/24/2009 6:04:00 PM - Software Distribution Service 3.0
RP737: 11/25/2009 1:05:05 AM - Software Distribution Service 3.0
RP738: 11/25/2009 9:29:59 AM - Software Distribution Service 3.0
RP739: 11/26/2009 2:11:02 AM - Software Distribution Service 3.0
RP740: 11/26/2009 3:39:24 PM - Software Distribution Service 3.0
RP741: 11/27/2009 2:07:00 AM - Software Distribution Service 3.0
RP742: 11/28/2009 9:24:05 AM - Software Distribution Service 3.0
RP743: 11/28/2009 4:28:35 PM - Software Distribution Service 3.0
RP744: 11/29/2009 2:39:04 AM - Software Distribution Service 3.0
RP745: 11/29/2009 2:03:06 PM - Software Distribution Service 3.0
RP746: 11/29/2009 2:13:39 PM - Removed Kaspersky Internet Security 6.0.
RP747: 11/30/2009 5:37:21 AM - Software Distribution Service 3.0
RP748: 11/30/2009 11:12:48 PM - Removed EarthLink setup files
RP749: 11/30/2009 11:14:11 PM - Removed Get High Speed Internet!
RP750: 12/1/2009 12:35:17 AM - Software Distribution Service 3.0
RP751: 12/2/2009 1:03:15 AM - Software Distribution Service 3.0
RP752: 12/3/2009 1:34:08 AM - Software Distribution Service 3.0
RP753: 12/3/2009 5:15:29 PM - Software Distribution Service 3.0
RP754: 12/4/2009 12:41:33 AM - Software Distribution Service 3.0
RP755: 12/5/2009 2:10:13 AM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 9.2
AIM 7
AIM Toolbar
AIMTunes
AIO_Scan
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Uninstaller (Choose which Products to Remove)
AOLIcon
Ask Toolbar
Blitzkrieg
Broadcom Management Programs
BufferChm
C4200
c4200_Help
Civilization III - Gold Edition
Conexant HDA D110 MDC V.92 Modem
Copy
Corel Paint Shop Pro X
Corel Photo Album 6
Critical Update for Windows Media Player 11 (KB959772)
Crossword Weaver 8.0
CustomerResearchQFolder
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Game Console
Dell Support Center (Support Software)
Dell System Restore
DellSupport
Destinations
DeviceManagementQFolder
Digital Line Detect
DocProc
DocProcQFolder
Documentation & Support Launcher
Download Updater (AOL LLC)
ELIcon
ESPNMotion
eSupportQFolder
Games, Music, & Photos Launcher
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 10 (KB903157)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
HP Customer Participation Program 8.0
HP Imaging Device Functions 8.0
HP OCR Software 8.0
HP Photosmart All-In-One Software 8.0
HP Photosmart Essential
HP Product Assistant
HP Smart Web Printing 1.0
HP Solution Center 8.0
HP Update
HPProductAssistant
HPSSupply
Intel(R) Graphics Media Accelerator Driver for Mobile
Intel(R) PROSet/Wireless Software
Internal Network Card Power Management
Internet Service Offers Launcher
iPod for Windows 2005-09-23
iTunes
J2SE Runtime Environment 5.0 Update 3
Java 2 Runtime Environment, SE v1.4.2_03
Java(TM) 6 Update 15
KhalSetup
Lavasoft VX2 Cleaner
Learn2 Player (Uninstall Only)
Logitech Desktop Messenger
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech SetPoint
Logitech Updater
Macromedia Shockwave Player
Malwarebytes' Anti-Malware
MarketResearch
MathType 6
mCore
mDrWiFi
mHlpDell
Microsoft .NET Framework 1.0 Hotfix (KB953295)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Rise Of Nations
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 Redistributable
mIWA
mIWCA
mLogView
mMHouse
Modem Helper
Mozilla Firefox (3.5.5)
mPfMgr
mPfWiz
mProSafe
MS Access 97 SP2
mSSO
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
mToolkit
Musicmatch for Windows Media Player
Musicmatch® Jukebox
mWlsSafe
mXML
mZConfig
NetWaiting
NetZeroInstallers
ooVoo
ooVoo Toolbar (Remove Toolbar Only)
Panda Global Protection 2009
Pharaoh
Preclick PhotoMovieMaker
PS_AIO_ProductContext
PS_AIO_Software
PS_AIO_Software_min
QuickSet
QuickTime
RealPlayer Basic
Roll
Rome - Total War(TM)
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
SafeConnect
Scan
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Sierra Utilities
SimCity 3000 Unlimited
SolutionCenter
Sonic Activation Module
Sonic Encoders
Sonic Update Manager
Star Wars Empire at War
StarCraft
Status
Steam
Stronghold Crusader
Synaptics Pointing Device Driver
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update Rollup 2 for Windows XP Media Center Edition 2005
Viewpoint Media Player
WebCyberCoach 3.2 Dell
WebFldrs XP
WebReg
WildTangent Web Driver
Windows Genuine Advantage Notifications (KB905474)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB908246
Windows XP Media Center Edition 2005 KB925766
Windows XP Media Center Edition 2005 KB973768
Windows XP Service Pack 3
WinRAR archiver
Xfire (remove only)
Yahoo! Browser Services
Yahoo! Messenger
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

12/3/2009 5:04:11 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the w32time service.
12/1/2009 10:07:35 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
12/1/2009 10:07:35 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Documents and Settings\Tony\Application Data\Mozilla\Firefox\Profiles\mv0otdmb.default\extensions\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\components\ooVooCtl.dll. Reference error message: The operation completed successfully. .
12/1/2009 10:07:35 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
11/29/2009 2:50:01 PM, error: Service Control Manager [7022] - The Panda On-Access Anti-Malware Service service hung on starting.
11/28/2009 1:07:26 PM, error: Schannel [36882] - The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, nȯne of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.

==== End Of File ===========================

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 6th December 2009, 1:09 am

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Ask Toolbar
    J2SE Runtime Environment 5.0 Update 3
    Java 2 Runtime Environment, SE v1.4.2_03
    Java(TM) 6 Update 15
    Viewpoint Media Player

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    c:\windows\system32\efcDVPij.dll
    c:\windows\system32\jiPVDcfe.ini2

    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcda0c53-3379-43f8-afaf-f4c70cc08a5a}]
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 6th December 2009, 3:02 am

========== FILES ==========
File/Folder c:\windows\system32\efcDVPij.dll not found.
c:\windows\system32\jiPVDcfe.ini2 moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcda0c53-3379-43f8-afaf-f4c70cc08a5a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fcda0c53-3379-43f8-afaf-f4c70cc08a5a}\ deleted successfully.
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa\\"Authentication Packages"|hex(7):6d,73,76,31,5f,30,00,00 /E : value set successfully!

OTM by OldTimer - Version 3.1.2.2 log created on 12052009_190113

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 6th December 2009, 12:02 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTM.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose CopyCrying


    :files
    C:\autorun.inf


  • Return to OTMoveIt, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 6th December 2009, 7:24 pm

========== FILES ==========
File/Folder C:\autorun.inf not found.

OTM by OldTimer - Version 3.1.2.2 log created on 12062009_112327

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 7th December 2009, 1:20 am

Whoops, wrong speech.

We can remove OTMoveIt now.

  • Please double-click OTM.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes cleanup process prompt, do the same for the reboot prompt.
How is the machine running now?


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 7th December 2009, 6:20 am

It's fine I do not see any signs of malware as far as I know. So would you consider my computer clean? Also just out of curiosity did we delete any harmful files or was this mostly a diagnosis and a deletion of useless programs? Nevertheless thank you for your time and help!

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 7th December 2009, 9:12 pm

It should be clean, but I can only see what logs are telling me, your the one using the machine, only you can tell me how it's going.

It was malware, but just an adware infection, nothing serious.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 8th December 2009, 8:02 am

I see, well everything is good, thank you for your help once again.

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 8th December 2009, 9:40 pm

We need to make a new restore point.

To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (or the Turn off System Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to the turn off System Restore.

Now we need to make a new restore point.
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Click the Turn off System Restore check box (To turn on System Restore), and then click OK.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems. As happy as we are to help you, for your sake we would rather not have repeat customers. Goofy

1) Please navigate to [You must be registered and logged in to see this link.] and download all the "critical updates" for Windows. This can patch many of the security holes through which attackers can gain access to your computer.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates , or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

2) In order to protect yourself against spyware, you should consider installing and running the following free programs:

[You must be registered and logged in to see this link.]
A tutorial on using Ad-Aware to remove spyware from your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using Spybot to remove spyware from your computer may be found [You must be registered and logged in to see this link.]. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

[You must be registered and logged in to see this link.]
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found [You must be registered and logged in to see this link.].

[You must be registered and logged in to see this link.]
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found [You must be registered and logged in to see this link.].

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

3) Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
[You must be registered and logged in to see this link.]
I also recommand the following add-ons for Firefox, they will help keep you safe from malicious scripts or activeX exploits.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

4) Also make sure to run your antivirus software regularly, and to keep it up-to-date.

To help you keep your software updated, please considering using this free software program that will check for program updates.
[You must be registered and logged in to see this link.]

5) Finally, consider maintaining a firewall. Some good free firewalls are [You must be registered and logged in to see this link.], or
[You must be registered and logged in to see this link.]
A tutorial on understanding and using firewalls may be found [You must be registered and logged in to see this link.].

Please also read Tony Klein's excellent article: [You must be registered and logged in to see this link.]

If you would take a moment to fill out our feedback form, we would appreciate it.
The link can be found [You must be registered and logged in to see this link.].

Hopefully this should take care of your problems! Good luck. Big Grin


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 9th December 2009, 1:13 am

Alright sounds good, oh one last thing so is it okay to have 12 svchost.exe things on the task manager? Just seemed a little odd.

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by Belahzur on 9th December 2009, 2:40 pm

Yes, the machine uses svchost for more than one purpose.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245091
# Likes # Likes : 1

View user profile

Back to top Go down

Re: Making sure my comp is clean after malwarebytes and panda deleted malware

Post by M0nk on 10th December 2009, 1:08 am

Alright thx for all your help, happy holidays!

M0nk
Novice
Novice

Posts Posts : 15
Joined Joined : 2009-09-25
OS OS : XP
Points Points : 26469
# Likes # Likes : 0

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum