Is it a virus?


Post by Vladimir on 18th April 2009, 12:45 pm

I have Panda Antivirus Pro but I can't activate it because of a problem. I think I will have it done by Monday, when I will call technical support to aid me.

Anyway, I suspect that my PC has viruses again, damn it... Why do I say that? Because it has strange lags, as when I had viruses on my PC in the past, and I can't find a solution because my antivirus is not yet activated, so any help would be helpful.

Thanks in advance!

Vladimir
Senior

Posts: 219
Joined: 2009-02-09
Gender: Male
OS: Windows XP SP3
Points: 30538
Likes: 0

Re: Is it a virus?

Post by Belahzur on 18th April 2009, 1:49 pm

Please download the current version of HijackThis from [You must be registered and logged in to see this link.]

  • Double click and run the installer.
  • It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
  • After installing, you should get the user agreement, press accept and Hijack This will run.
  • Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.


Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator

Posts: 34918
Joined: 2008-08-03
Gender: Male
OS: 7 Home Premium x64
Points: 245101
Likes: 1

Re: Is it a virus?

Post by Vladimir on 18th April 2009, 2:47 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:22 μμ, on 18/4/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\infolearnasrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Συνδέσεις
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Βοηθός εισόδου του Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [5af13bb2cb0f6b114e8b1135748975e9] /r
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: AntiSpy Protector.lnk = C:\Program Files\AntiSpyware Protector\AntiSpyProt.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download the &current page with Offline Explorer - [You must be registered and logged in to see this link.] Files\Offline Explorer\Add_AllO.htm
O8 - Extra context menu item: Download using Offline &Explorer - [You must be registered and logged in to see this link.] Files\Offline Explorer\Add_UrlO.htm
O8 - Extra context menu item: Ε&ξαγωγή στο Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Έρευνα - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EL_GR&c=74&bd=smb&pf=desktop
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Unknown owner - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: INFOlearn Admin Service (INFOlearn_admin_srv) - infolearn - C:\WINDOWS\system32\infolearnasrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Unknown owner - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe

--
End of file - 11659 bytes


Re: Is it a virus?

Post by Belahzur on 18th April 2009, 4:41 pm

Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O4 - HKCU\..\Run: [5af13bb2cb0f6b114e8b1135748975e9] /r
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.


Please PM me if I fail to respond within 24hrs.
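A sketch of the kind of triage applied to the log above, as an added example that is not part of the original posts or of HijackThis itself: it parses HijackThis entry lines and flags entries whose target is missing (`(no file)`, `(file missing)`) and Run values that have no executable path or a 32-hex-character name. The heuristics, the `triage` function and the `Finding` type are assumptions made here; the sample lines are excerpted from the log posted in this thread, and the `O23` check goes beyond the lines selected in the post above.

```python
import re
from typing import List, NamedTuple

# Excerpt of the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [5af13bb2cb0f6b114e8b1135748975e9] /r
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Startup: AntiSpy Protector.lnk = C:\Program Files\AntiSpyware Protector\AntiSpyProt.exe
O23 - Service: LiveUpdate - Unknown owner - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


class Finding(NamedTuple):
    """One flagged log line (hypothetical type for this example)."""
    line_no: int   # 1-based line number within the text passed to triage()
    section: str   # HijackThis section code, e.g. "O2", "O4", "O23"
    reason: str    # why the line was flagged


# "O4 - <body>": section code, separator, rest of the entry.
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# Registry Run values: "<key>\Run: [<value name>] <command line>".
RUN_VALUE = re.compile(r"^(?P<key>.+?\\Run): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HEX32 = re.compile(r"[0-9a-fA-F]{32}")


def first_token(cmd: str) -> str:
    """Return the program part of a command line, honouring double quotes."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    return cmd.split(None, 1)[0] if cmd else ""


def check_run_value(body: str) -> List[str]:
    """Heuristics for O4 registry Run values; startup-folder lines are skipped."""
    match = RUN_VALUE.match(body)
    if not match:
        return []
    reasons = []
    program = first_token(match.group("cmd"))
    # A Run value whose data is only a switch cannot start anything by itself.
    if not program or program[0] in "/-":
        reasons.append("Run value has no executable path")
    # Random-looking value names are unusual for installed products.
    if HEX32.fullmatch(match.group("name")):
        reasons.append("value name is 32 hex characters")
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Flag orphaned or malformed autostart entries in a HijackThis log."""
    findings = []
    for line_no, line in enumerate(log_text.strip().splitlines(), start=1):
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.group("section"), entry.group("body")
        reasons: List[str] = []
        if section == "O2" and body.endswith("(no file)"):
            reasons.append("BHO is registered but its DLL does not exist")
        elif section == "O4":
            reasons = check_run_value(body)
        elif section == "O23" and body.endswith("(file missing)"):
            reasons.append("service is registered but its binary is missing")
        if reasons:
            findings.append(Finding(line_no, section, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"line {finding.line_no}: {finding.section}: {finding.reason}")
```

A flag from these checks marks an entry for review, not a confirmed infection; the BitTorrent DNA entry selected above is a policy choice that no structural check like this would catch.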

Re: Is it a virus?

Post by Vladimir on 19th April 2009, 3:50 pm

Sorry for the late answer, here you go:

Malwarebytes' Anti-Malware 1.36
Έκδοση βάσης δεδομένων: 2009
Windows 5.1.2600 Service Pack 3

19/4/2009 6:49:42 μμ
mbam-log-2009-04-19 (18-49-42).txt

Τύπος σάρωσης: Γρήγορη σάρωση
Αντικείμενα που σαρώθηκαν: 82412
Χρόνος που έχει διανυθεί: 3 minute(s), 53 second(s)

Μολυσμένες διεργασίες στη μνήμη: 0
Μολυσμένα στοιχεία στη μνήμη: 0
Μολυσμένα κλειδιά στο μητρώο: 2
Μολυσμένες τιμές στο μητρώο: 0
Μολυσμένα αντικείμενα δεδομένων στο μητρώο: 1
Μολυσμένοι φάκελοι: 0
Μολυσμένα αρχεία: 3

Μολυσμένες διεργασίες στη μνήμη:
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Μολυσμένα στοιχεία στη μνήμη:
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Μολυσμένα κλειδιά στο μητρώο:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c5428486-50a0-4a02-9d20-520b59a9f9b3} (Adware.Shopping.Report) -> Quarantined and deleted successfully.

Μολυσμένες τιμές στο μητρώο:
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Μολυσμένα αντικείμενα δεδομένων στο μητρώο:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Μολυσμένοι φάκελοι:
(Δεν εντοπίστηκαν επιβλαβή αντικείμενα)

Infected files :
C:\Documents and Settings\User\Favorites\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Start Menu\MP3 Download.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\TDSSkkdu.log (Trojan.TDSS) -> Quarantined and deleted successfully.


Re: Is it a virus?

Post by Belahzur on 19th April 2009, 3:52 pm

Hello.

I want to run one more deeper scan since MBAM found a trace of TDSS, but first I want to get an uninstall list.

  • Open HijackThis.
  • When Hijack This opens, click "Open the Misc Tools section"
  • Then select "Open Uninstall Manager"
  • Click on "Save List..." (generates uninstall_list.txt)
  • Click Save, copy and paste the results in your next post.


Please PM me if I fail to respond within 24hrs.

Re: Is it a virus?

Post by Vladimir on 19th April 2009, 3:58 pm

%DeviceDesc%
ABC Amber ICL Converter
Acrobat.com
Acrobat.com
Adobe Acrobat 4.0, 5.0
Adobe AIR
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player ActiveX
Adobe Reader 9.1
AGEIA PhysX v7.03.21
Apple Mobile Device Support
Apple Software Update
Bonjour
Chessmaster Grandmaster Edition
Counter-Strike: Condition Zero
Creative PC-CAM Center
Creative WebCam Monitor
Creative WebCam NX Pro Driver (1.00.06.0512)
Creative WebCam NX Pro User's Guide (English)
EasyPHP 2.0b1
EAX Unified
EB Documentation 1.1
EB Trivial Script 0.125
Europa Barbarorum 1.1
GameSpot Download Manager
Guitar Pro 5.2
HijackThis 2.0.2
Hotfix for Windows Media Format 11 SDK (KB929399)
hp deskjet 3600
HP Help and Support
HP Photo and Imaging 2.0 - Deskjet Series
hp print screen utility
Indeo® Software
Industry Giant 2- Demo
Intel(R) Graphics Media Accelerator Driver
InterVideo Installer
InterVideo WinDVD 4
InterVideo WinDVD Creator
iTunes
Java(TM) 6 Update 13
Lara Croft Tomb Raider: The Angel Of Darkness
LimeWire 5.1.1
Malwarebytes' Anti-Malware
Messenger Plus! Live
MetaProducts Offline Explorer
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Greek Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Language Pack - ELL
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Professional Edition 2003
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.0.8)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML4 Parser
Nero 6 Ultra Edition
NVIDIA Drivers
OpenAL
OpenOffice.org Installer 1.0
Panda ActiveScan 2.0
Panda Antivirus Pro 2009
PDF Complete
PowerDVD
PowerISO
QuickTime
RealPlayer
Realtek High Definition Audio Driver
Recruitment Viewer 0.9
Rome - Total War Complete
Rome - Total War(TM)
Rome Total War - patch 1.3
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
ShaderMark v2.1
Skype™ 3.6
Sony Ericsson PC Suite
Star Wars Jedi Knight Jedi Academy
SubDownloader2
TeamViewer 3
TEST4U EDU setup
TEST4U EDU setup (c:\TEST4U_EDU\)
Tom Clancy's Splinter Cell
Tomb Raider: Legend 1.0
TortoiseSVN 1.4.6.11647 (32 bit)
ubi.com
Video CD HP
Vidmex 1.39
Vista Codec Package
Windows Live installer
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR 3.70 – Εφαρμογή Διαχείρισης Συμπιεσμένων Αρχείων
WinZip
Xfire (remove only)
Yahoo! Internet Mail
Yahoo! Messenger
Βοηθός εισόδου του Windows Live
Βοηθός του digital locker
Ενημερωμένη έκδοση ασφαλείας για Windows XP (KB941569)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player (KB952069)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB936782)
Ενημερωμένη έκδοση ασφαλείας για το Windows Media Player 11 (KB954154)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB938127)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB942615)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB944533)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB950759)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB953838)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB956390)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB958215)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB960714)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB961260)
Ενημέρωση ασφαλείας για Windows Internet Explorer 7 (KB963027)
Ενημέρωση ασφαλείας για Windows XP (KB923561)
Ενημέρωση ασφαλείας για Windows XP (KB923789)
Ενημέρωση ασφαλείας για Windows XP (KB938464)
Ενημέρωση ασφαλείας για Windows XP (KB938464-v2)
Ενημέρωση ασφαλείας για Windows XP (KB946648)
Ενημέρωση ασφαλείας για Windows XP (KB950760)
Ενημέρωση ασφαλείας για Windows XP (KB950762)
Ενημέρωση ασφαλείας για Windows XP (KB950974)
Ενημέρωση ασφαλείας για Windows XP (KB951066)
Ενημέρωση ασφαλείας για Windows XP (KB951376)
Ενημέρωση ασφαλείας για Windows XP (KB951376-v2)
Ενημέρωση ασφαλείας για Windows XP (KB951698)
Ενημέρωση ασφαλείας για Windows XP (KB951748)
Ενημέρωση ασφαλείας για Windows XP (KB952004)
Ενημέρωση ασφαλείας για Windows XP (KB952954)
Ενημέρωση ασφαλείας για Windows XP (KB953839)
Ενημέρωση ασφαλείας για Windows XP (KB954211)
Ενημέρωση ασφαλείας για Windows XP (KB954459)
Ενημέρωση ασφαλείας για Windows XP (KB954600)
Ενημέρωση ασφαλείας για Windows XP (KB955069)
Ενημέρωση ασφαλείας για Windows XP (KB956391)
Ενημέρωση ασφαλείας για Windows XP (KB956572)
Ενημέρωση ασφαλείας για Windows XP (KB956802)
Ενημέρωση ασφαλείας για Windows XP (KB956803)
Ενημέρωση ασφαλείας για Windows XP (KB956841)
Ενημέρωση ασφαλείας για Windows XP (KB957095)
Ενημέρωση ασφαλείας για Windows XP (KB957097)
Ενημέρωση ασφαλείας για Windows XP (KB958644)
Ενημέρωση ασφαλείας για Windows XP (KB958687)
Ενημέρωση ασφαλείας για Windows XP (KB958690)
Ενημέρωση ασφαλείας για Windows XP (KB959426)
Ενημέρωση ασφαλείας για Windows XP (KB960225)
Ενημέρωση ασφαλείας για Windows XP (KB960715)
Ενημέρωση ασφαλείας για Windows XP (KB960803)
Ενημέρωση ασφαλείας για Windows XP (KB961373)
Ενημέρωση για Windows XP (KB951072-v2)
Ενημέρωση για Windows XP (KB951978)
Ενημέρωση για Windows XP (KB955839)
Ενημέρωση για Windows XP (KB967715)
Επείγουσα επιδιόρθωση για Windows Internet Explorer 7 (KB947864)
Επείγουσα επιδιόρθωση για Windows XP (KB952287)
Επείγουσα επιδιόρθωση για το Windows Media Player 11 (KB939683)
Κρίσιμη ενημερωμένη έκδοση για το Windows Media Player 11 (KB959772)


Re: Is it a virus?

Post by Belahzur on 19th April 2009, 4:06 pm

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

If Limewire is not removed, then I won't help you.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

  • LimeWire 5.1.1

Now let's see what this says.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.


Please PM me if I fail to respond within 24hrs.

Re: Is it a virus?

Post by Vladimir on 19th April 2009, 4:10 pm

Limewire is removed, here you go:


DDS (Ver_09-03-16.01) - NTFSx86
Run by User at 19:08:41,12 on Κυρ 19/04/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1253.30.1032.18.2046.1387 [GMT 3:00]

AV: Panda Antivirus Pro 2009 *On-access scanning enabled* (Updated)
FW: Panda Personal Firewall 2009 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\TPSrv.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\PROGRAM FILES\PANDA SECURITY\PANDA ANTIVIRUS PRO 2009\WebProxy.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost -k Panda
C:\WINDOWS\system32\infolearnasrv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsCtrls.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PsImSvc.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\PskSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\pavsrv51.exe
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\AVENGINE.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\Firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Antivirus Pro 2009\ApvxdWin.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\User\Επιφάνεια εργασίας\dds.scr

============== Pseudo HJT Report ===============

uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Βοηθός εισόδου του Windows Live: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [5af13bb2cb0f6b114e8b1135748975e9] /r
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\isuspm.exe" -scheduler
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [PDF Complete] "c:\program files\pdf complete\pdfsty.exe"
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\isuspm.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
mRun: [DeviceDiscovery] c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [APVXDWIN] "c:\program files\panda security\panda antivirus pro 2009\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda antivirus pro 2009\Inicio.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\user\startm~1\f2da~1\599a~1\antisp~1.lnk - c:\program files\antispyware protector\AntiSpyProt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\f2da~1\599a~1\interv~1.lnk - c:\program files\intervideo\common\bin\WinCinemaMgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\f2da~1\599a~1\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: Download the &current page with Offline Explorer - [You must be registered and logged in to see this link.] files\offline explorer\Add_AllO.htm
IE: Download using Offline &Explorer - [You must be registered and logged in to see this link.] files\offline explorer\Add_UrlO.htm
IE: Ε&ξαγωγή στο Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - [You must be registered and logged in to see this link.]
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]


Re: Is it a virus?

Post by Vladimir on 19th April 2009, 4:10 pm

Continues here :

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - [You must be registered and logged in to see this link.]
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avldr - avldr.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\user\applic~1\mozilla\firefox\profiles\cu6zhwsp.default\
FF - prefs.js: browser.search.defaulturl - [You must be registered and logged in to see this link.]
FF - prefs.js: browser.search.selectedEngine - isoHunt Customized Web Search
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npff_gdm.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 pavboot;Panda boot driver;c:\windows\system32\drivers\pavboot.sys [2009-4-5 28544]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2009-4-14 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2009-4-14 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2009-4-14 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2009-4-14 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2009-4-14 158848]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2009-4-5 41144]
R1 SSHDRV65;SSHDRV65;c:\windows\system32\drivers\SSHDRV65.sys [2008-3-29 120320]
R1 SSHDRV79;SSHDRV79;c:\windows\system32\drivers\SSHDRV79.sys [2008-5-4 75264]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2009-4-14 46720]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 INFOlearn_admin_srv;INFOlearn Admin Service;c:\windows\system32\infolearnasrv.exe [2006-10-6 49152]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda antivirus pro 2009\PsCtrlS.exe [2009-4-5 181504]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2009-4-5 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda antivirus pro 2009\PavFnSvr.exe [2009-4-5 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2009-4-5 179640]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2009-4-5 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda antivirus pro 2009\PAVSRV51.EXE [2009-4-5 288512]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2008-1-10 540184]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda antivirus pro 2009\psksvc.exe [2009-4-5 28928]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2009-4-5 13880]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\system32\drivers\neti1634.sys [2009-2-7 197888]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 P1130VID;Creative WebCam NX Pro;c:\windows\system32\drivers\P1130Vid.sys [2008-2-4 90357]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBEFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*
VBSFile=c:\progra~1\pandas~1\pandaa~1\PAVSCRIP.EXE "%1" %*

=============== Created Last 30 ================

2009-04-19 18:44 --d----- c:\docume~1\user\applic~1\Malwarebytes
2009-04-19 18:44 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-19 18:44 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-19 18:44 --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-19 18:44 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-18 17:47 --d----- c:\program files\Trend Micro
2009-04-15 08:00 1,203,922 -------- c:\windows\system32\dllcache\sysmain.sdb
2009-04-15 08:00 220,672 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-14 20:59 820 a------- c:\windows\SPIDERMAN.INI
2009-04-14 16:45 236,700 a------- c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-04-14 16:45 236,700 a------- c:\windows\system32\drivers\APPFCONT.DAT
2009-04-14 16:45 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-04-14 16:45 1,132 a------- c:\windows\system32\drivers\APPFLTR.CFG
2009-04-14 16:45 52,992 a------- c:\windows\system32\drivers\dsaflt.sys
2009-04-14 16:45 46,720 a------- c:\windows\system32\drivers\wnmflt.sys
2009-04-14 16:45 193,792 a------- c:\windows\system32\drivers\idsflt.sys
2009-04-14 16:45 158,848 a------- c:\windows\system32\drivers\NETFLTDI.SYS
2009-04-14 16:45 73,728 a------- c:\windows\system32\drivers\APPFLT.SYS
2009-04-14 16:45 22,072 a------- c:\windows\system32\drivers\fnetmon.sys
2009-04-10 19:36 1,270 a------- C:\crest2.bmp
2009-04-10 19:32 630 a------- C:\crest.bmp
2009-04-10 16:38 --d----- c:\program files\Made By KIDDIES
2009-04-10 16:36 --d----- c:\program files\Offline Explorer
2009-04-05 16:28 13,880 a------- c:\windows\system32\drivers\COMFiltr.sys
2009-04-05 16:26 84,024 a------- c:\windows\system32\drivers\pavdrv51.sys
2009-04-05 16:26 249 a------- c:\windows\system32\PavCPL.dat
2009-04-05 16:26 54,832 a------- c:\windows\system32\pavcpl.cpl
2009-04-05 16:25 193,280 a------- c:\windows\system32\TpUtil.dll
2009-04-05 16:25 107,568 a------- c:\windows\system32\SYSTOOLS.DLL
2009-04-05 16:25 87,296 a------- c:\windows\system32\PavLspHook.dll
2009-04-05 16:25 55,552 a------- c:\windows\system32\pavipc.dll
2009-04-05 16:25 520,448 a------- c:\windows\system32\PavSHook.dll
2009-04-05 16:25 --d----- c:\windows\system32\PAV
2009-04-05 16:25 --d----- c:\program files\Panda Security
2009-04-05 16:23 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-04-05 16:23 179,640 a----r-- c:\windows\system32\drivers\PavProc.sys
2009-04-05 16:23 41,144 a----r-- c:\windows\system32\drivers\ShlDrv51.sys
2009-04-05 16:23 --d----- c:\program files\common files\Panda Security
2009-03-21 17:07 1,085,440 -------- c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-19 18:53 515,456 a------- c:\windows\system32\perfh008.dat
2009-04-19 18:53 88,738 a------- c:\windows\system32\perfc008.dat
2009-03-09 05:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-06 17:20 287,232 a------- c:\windows\system32\pdh.dll
2009-03-06 17:20 287,232 -------- c:\windows\system32\dllcache\pdh.dll
2009-03-03 03:10 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 03:10 826,368 -------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 07:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 13:20 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 13:20 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-02-20 08:14 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2009-02-10 19:05 2,073,088 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-10 19:05 2,073,088 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-09 20:45 412,672 a------- c:\windows\system32\CF17285.exe
2009-02-09 17:05 1,847,040 a------- c:\windows\system32\win32k.sys
2009-02-09 17:05 1,847,040 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-09 14:23 2,196,096 a------- c:\windows\system32\ntoskrnl.exe
2009-02-09 14:23 2,196,096 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-02-09 14:23 2,031,104 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-02-09 14:23 2,152,448 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-09 14:23 111,104 a------- c:\windows\system32\services.exe
2009-02-09 14:23 111,104 -------- c:\windows\system32\dllcache\services.exe
2009-02-09 13:52 751,104 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:52 737,280 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:52 692,224 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:52 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 13:52 751,104 -------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 13:52 737,280 -------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 13:52 692,224 -------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 13:52 473,600 -------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 13:52 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-02-09 13:52 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-02-06 13:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 13:39 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-02-06 13:10 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-02-03 22:57 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 22:57 56,832 -------- c:\windows\system32\dllcache\secur32.dll
2008-02-05 15:25 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-01-15 16:12 80 ---shr-- c:\windows\system32\6689857412.dll
2008-09-16 01:00 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008091620080917\index.dat

============= FINISH: 19:09:17,90 ===============


Re: Is it a virus?

Post by Belahzur on 19th April 2009, 4:27 pm

Please download the [You must be registered and logged in to see this link.].

  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it.
  • Copy the bolded text below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :files
    C:\Documents and Settings\User\Επιφάνεια εργασίας\dds.scr
    c:\program files\dna

    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BitTorrent DNA"=-
    "5af13bb2cb0f6b114e8b1135748975e9"=-


  • Return to OTMoveIt3, right click in the "Paste instructions for items to be Moved" window (under the light blue bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please post the OTMoveIt log.


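An added example, not part of the thread and not the helper's own method: a Python triage pass over DDS-style `Run` lines that flags value names that are a 32-character hex string and commands that name no executable image, which picks out the `5af13bb2cb0f6b114e8b1135748975e9` value deleted in the fix above. The sample lines are copied from the log posted in this thread; the function names and the three heuristics are assumptions made for illustration.

```python
import re

# Sample autorun lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r'''
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [5af13bb2cb0f6b114e8b1135748975e9] /r
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
'''

# "<prefix>Run: [<value name>] <command line>", prefix kept exactly as logged
RUN_LINE = re.compile(r"^(?P<hive>[umd])Run: \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
HEX_NAME = re.compile(r"[0-9a-fA-F]{32}")
IMAGE = re.compile(r"\.(exe|dll|com|bat|cmd|scr|pif)\b", re.IGNORECASE)
FULL_PATH = re.compile(r"[a-z]:\\|%\w+%", re.IGNORECASE)


def parse_run_entries(log_text):
    """Yield (prefix, value name, command) for every autorun line in the log."""
    for line in log_text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            yield m.group("hive"), m.group("name"), m.group("cmd").strip()


def triage(log_text):
    """Return {entry: [reasons]} for autoruns that deserve a manual look."""
    findings = {}
    for hive, name, cmd in parse_run_entries(log_text):
        reasons = []
        if HEX_NAME.fullmatch(name):
            reasons.append("value name is a 32-character hex string")
        if not IMAGE.search(cmd):
            # Nothing that looks like a program or DLL, only switches
            reasons.append("command names no executable image")
        elif not FULL_PATH.search(cmd):
            # No drive-letter or %VAR% path anywhere in the command
            reasons.append("image given without a full path")
        if reasons:
            findings[f"{hive}Run: [{name}]"] = reasons
    return findings


if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG).items():
        print(entry, "->", "; ".join(reasons))
```

The `BitTorrent DNA` value that the fix also deletes passes all three rules, and the flagged `nwiz` entry is only a relative path, so a pass like this narrows the list for a human reviewer and decides nothing by itself.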

Re: Is it a virus?

Post by Vladimir on 19th April 2009, 4:30 pm

Here you go :

========== FILES ==========
C:\Documents and Settings\User\Επιφάνεια εργασίας\dds.scr moved successfully.
c:\program files\DNA\plugins moved successfully.
c:\program files\DNA moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\5af13bb2cb0f6b114e8b1135748975e9 deleted successfully.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 04192009_193005

I will have to go, so I will have to continue tomorrow. I'll be looking forward to your reply!


Re: Is it a virus?

Post by Belahzur on 19th April 2009, 4:33 pm

We can remove OTMoveIt now.

  • Please double-click OTMoveIt3.exe to run it again.
  • Press the green CleanUp! button.
  • Press Yes at the cleanup process prompt, and do the same for the reboot prompt.
How is the machine running now?



Re: Is it a virus?

Post by Vladimir on 20th April 2009, 4:21 pm

Hi,

I did what you said. I think it's a whole lot better now; the only problem I had was when I started the PC. It wanted 1-2-3 minutes to load. In the past I didn't need 1-2-3 mins to load the PC, but I guess that now my hard disk is kinda loaded at 2,5/3.

So are we done bro?


Re: Is it a virus?

Post by Belahzur on 20th April 2009, 5:19 pm

Is that when it's got to the welcome page or while it's loading the BIOS?



Re: Is it a virus?

Post by Vladimir on 21st April 2009, 12:00 pm

Hi,

It's after the welcome page. In the past (before we did what we did now) it was opening the "system32" folder and I had to close it to keep it loading all the others; now this is fixed. Don't imagine a big lag, but it lags a bit. It may be my hard disk that is almost full, but I want to be sure of it...

Thanks for helping me one more time bro


