# Panda won't scan



## Carine (Apr 16, 2006)

Hi People,

It has been a while and was pleased about that, it meant no problems  , but I have a new laptop and I have updated Panda Virusscan but it just won't scan. It'll say connecting to the server, it will start scanning for a couple of files and then jams every single time. I'm a little worried about it. Is it a setting that might be wrong? 

Where are safe internet online scans I can do to see if I have something or another? Or do I need to make a seperate thread for that question in the malware forum? I am not really sure it is malware hence I posted here.

Hope somebody can help me out!

Have a nice evening


----------



## blitzkreig (Mar 6, 2009)

dear carine,
two online scans I highly recommend
http://www.bitdefender.com/scan8/ie.html (requires internet explorer)

http://www.kaspersky.com/kos/english/languages/english/check.html?n=1241632451061

remember to disable your existing anivirus before you run a scan.
If anything noteworthy is found please bring it to our notice
also, please post a hijackthis log


----------



## Carine (Apr 16, 2006)

How do I do a Hijack log again? Like I said it's been a while.

I will go ahead and try the scans tomorrow. Thank you for the quick reply!

Greetzz


----------



## blitzkreig (Mar 6, 2009)

please, run a can tomorrow
after which I shall help you on how to get a hijack this log

btw, i see you're from Germany and i start leaning German from tomorrow  (im from india)


----------



## golferbob (May 18, 2004)

are you running the new IE-8 ?


----------



## Carine (Apr 16, 2006)

@ golferbob: not that I know off. How do I check?


----------



## blitzkreig (Mar 6, 2009)

*Hi carine,
*Open internet explorer click on help which is at the top, then navigate to the last option 'about'. U'll see if it is internet explorer 7 or 8


----------



## Carine (Apr 16, 2006)

Ok found it, it's IE 7 does that help?


----------



## blitzkreig (Mar 6, 2009)

Well sorry can't really comment on whether it would help or not 
did you try those online scans I recommend in post #2


----------



## Carine (Apr 16, 2006)

Yeah it freaked me out :| bitdefender won't work it says i'm not the administrator eventhough I am, I even checked. Kaspersky was running and then my screen went blue for a couple of seconds I did see something about if you have never seen this before bla bla bla.... scared me badly... any idea?


----------



## blitzkreig (Mar 6, 2009)

probably a malware is hindering the scans.


----------



## blitzkreig (Mar 6, 2009)

I recommend a complete formatting of your hard disk drive and then reinstalling windows... remember to back up your important data


----------



## Carine (Apr 16, 2006)

ow dear...anything less drastic I can try first?


----------



## blitzkreig (Mar 6, 2009)

This malware seems to be hindering your antivirus program too, if this malware keeps lurking, you're headed to one big disaster (please don't mistake me)

BTW: Does panda update?


----------



## Carine (Apr 16, 2006)

well how do I procede then? 

Yes it does let me update I think. It does keep say the new date etc.

I also have problems signing into Hyves.nl a sort of facebook but Dutch. It keeps saying my password doesn't match the username eventhough I am 100% sure it is correct, could this also be because of that?

I am actually scanning the hard disk right now...ow wait it jammed again 

What kind of malware are you thinking about? Could you explain a bit more? I'm not really a very technical person 

Thanx for all the help so far!


----------



## Kenny94 (Dec 16, 2004)

Hi Carine

*Click here* to download *HJTInstall.exe*

Save *HJTInstall.exe* to your desktop.
Doubleclick on the *HJTInstall.exe* icon on your desktop.
By default it will install to *C:\Program Files\Trend Micro\HijackThis* . 
Click on *Install*.
It will create a HijackThis icon on the desktop.
Once installed, it will launch *Hijackthis*.
Click on the *Do a system scan and save a logfile* button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
*DO NOT* have Hijackthis fix anything yet. Most of what it finds will be harmless or even required. 

Also, I would like you to generate a "Add/Remove Software list" log using the HijackThis application. Here is how you can do this:

To get an Uninstall List from HijackThis:

Open HijackThis, click Config, click Misc Tools
Click "*Open Uninstall Manager*"
Click "Save List" (generates *uninstall_list.txt*)
Click Save, copy and paste the results in your next post.

In your next reply, please include these log(s):

** HijackThis Uninstall List
* HijackThis log (new)*


----------



## blitzkreig (Mar 6, 2009)

There are millions of malware that could hinder the smooth functioning of your computer. So I really can't say with proper accuracy.
Why don't you boot on safe mode and try running a scan?


----------



## blitzkreig (Mar 6, 2009)

And remember never to scan your computer with your internet turned on


----------



## blitzkreig (Mar 6, 2009)

Yeah also run a hijackthis log as kenny94 said, its important at this juncture


----------



## Carine (Apr 16, 2006)

Here's my hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:53:12, on 7-5-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\ApVxdWin.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PAVJOBS.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PAVJOBS.EXE
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.people.com/people/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://91.184.8.42/applet/SWHTTPUploaderProj.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14226 bytes


----------



## Carine (Apr 16, 2006)

And the Uninstall list:

2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware
Ad-Aware
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Dreamweaver CS4
Adobe Dreamweaver CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Reader 8.1.0
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe XMP Panels CS4
Apple Mobile Device Support
Apple Software Update
BitComet 1.07
Bonjour
Choice Guard
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Connect
CyberLink YouCam
DVD Suite
ESU for Microsoft Vista
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
HDAUDIO Soft Data Fax Modem with SmartCP
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 2.0.2
HP Customer Experience Enhancements
HP Doc Viewer
HP Easy Setup - Frontend
HP Help and Support
HP Integrated Module with Bluetooth wireless technology 6.0.1.5500
HP Quick Launch Buttons 6.30 E1
HP QuickPlay 3.6
HP QuickTouch 1.00 C4
HP Update
HP User Guides 0090
HP Wireless Assistant
iTunes
Java(TM) 6 Update 11
Java(TM) 6 Update 2
kuler
LabelPrint
Marvell Miniport Driver
Media Player Codec Pack 3.2.0
Meet Your Computer
Microsoft Office Excel MUI (Dutch) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (Dutch) 2007
Microsoft Office PowerPoint MUI (Dutch) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (Dutch) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (German) 2007
Microsoft Office Proofing (Dutch) 2007
Microsoft Office Shared MUI (Dutch) 2007
Microsoft Office Word MUI (Dutch) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MSCU for Microsoft Vista
MSVCRT
MSXML 4.0 SP2 (KB954430)
NetWaiting
NVIDIA Drivers
Panda Internet Security 2009
Photoshop Camera Raw
PHPRunner 5.0
Power2Go
PowerDirector
QuickPlay SlingPlayer 0.4.4
QuickTime
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.52.02
Search Settings 1.2
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB960003)
Security Update for Microsoft Office Excel 2007 (KB959997)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
SNAPFISH
Suite Shared Configuration CS4
Ticket to Ride Online 1.1.3
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update voor Microsoft Office Excel 2007 Help (KB963678)
Update voor Microsoft Office Powerpoint 2007 Help (KB963669)
Update voor Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver


----------



## Phantom010 (Mar 9, 2009)

The only suspicious entry I can find is this one:

*O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe*
 

What do you think guys?

Carine, if you don't need SearchSettings 1.2, perhaps you should consider removing it from Add/Remove programs?


----------



## Kenny94 (Dec 16, 2004)

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)

*Next*

Please download *ATF Cleaner* by Atribune.


Double-click *ATF-Cleaner.exe* to run the program. 
Under *Main* choose: *Select All* 
Click the *Empty Selected* button. 

Click *Exit* on the Main menu to close the program.








Please download Malwarebytes' Anti-Malware from *Here*.

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to *Update Malwarebytes' Anti-Malware* and *Launch Malwarebytes' Anti-Malware*, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "*Perform Quick Scan*", then click *Scan*.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that *everything is checked*, and click *Remove Selected*.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.
Extra Note:

*If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.*


----------



## Carine (Apr 16, 2006)

Ok so I did the first part and ran a new hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52:05, on 7-5-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\ApVxdWin.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PAVJOBS.EXE
C:\Program Files\Panda Security\Panda Internet Security 2009\PAVJOBS.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10b.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.people.com/people/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MRT] "C:\Windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://91.184.8.42/applet/SWHTTPUploaderProj.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13357 bytes


----------



## Kenny94 (Dec 16, 2004)

> Ok so I did the first part and ran a new hijackthis log:


OK, and the MBAM report?


----------



## Carine (Apr 16, 2006)

I'm going to do that now...


----------



## Carine (Apr 16, 2006)

Uh oh.....

Malwarebytes' Anti-Malware 1.36
Database version: 2089
Windows 6.0.6001 Service Pack 1

7-5-2009 20:00:49
mbam-log-2009-05-07 (20-00-49).txt

Scan type: Quick Scan
Objects scanned: 70687
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\videosoft (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\resycled (Trojan.DNSChanger) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)


----------



## Kenny94 (Dec 16, 2004)

> I'm going to do that now...


:up: That the main one I want to see. And we''ll remove the rest of "Search Settings" But I want to see the MBAM report...


----------



## Carine (Apr 16, 2006)

it's right above your post


----------



## blitzkreig (Mar 6, 2009)

my suspicion was right
your pc was infected by the trojan dns hijacker


----------



## Carine (Apr 16, 2006)

oh dear...and what damage did that do??? Is it gone now?


----------



## Kenny94 (Dec 16, 2004)

MBAM pick up a Trojan.DNSChanger. We need a bigger hammer....

Download ComboFix from *Here* to your Desktop.

***Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer***
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.


*Very Important!* *Temporarily disable* your *anti-virus* and *anti-malware* real-time protection and any *script blocking components of them or your firewall*_* before* _performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause _"unpredictable results" or stop combofix running at all_
Click on *THIS LINK * to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
*Remember to re enable the protection again after combofix has finished*
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running 
Double click on *combofix.exe* & follow the prompts.​If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this 
When finished, it will produce a report for you. 
Please post the *"C:\ComboFix.txt" *along with a *new HijackThis log* for further review

*****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze *****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read  HERE  why we disable autoruns

*Please do not install any new programs or update anything unless told to do so while we are fixing your problem. *


----------



## blitzkreig (Mar 6, 2009)

do as kenny94 says


----------



## Kenny94 (Dec 16, 2004)

Hey Guys we're going to the pool so, I'll be back later...


----------



## Carine (Apr 16, 2006)

ok i'll be off to bed later...am in europe so will check back in tomorrow...

Once again thank you so so much for helping me out!

greetzzz and enjoy the pool!


----------



## Phantom010 (Mar 9, 2009)

Kenny94 said:


> Hey Guys we're going to the pool so, I'll be back later...


Enjoy the pool Kenny94!!!


----------



## Kenny94 (Dec 16, 2004)

Phantom010 said:


> Enjoy the pool Kenny94!!!


LOL Phantom010.....


----------



## Carine (Apr 16, 2006)

uhm it won't let me download the combofix.... I'll restart and try again...

Ow I do however whenever I try to click on a link get an error message saying "another program is currently using that file" with a path: C:\progra~1\Java\jre6\bin\ssvagent.exe never had this before this happened since yesterday with all the other things you asked me to do


----------



## Carine (Apr 16, 2006)

it jams at 99%


----------



## Kenny94 (Dec 16, 2004)

Hi Carine


Rename combofix to Combo-Fix.exe please and run it...


----------



## Carine (Apr 16, 2006)

But it won't let me download so I can't rename it.


----------



## Kenny94 (Dec 16, 2004)

Sounds like Java is trying to update. Lets do this:

Please download *JavaRa* to your desktop and unzip it to its own folder

Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
Accept any prompts. 
Open JavaRa.exe again and select *Search For Updates*.
Select *Update Using Sun Java's Website* then click Search and click on the *Open Webpage* button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

Then reboot your computer and then try to Download ComboFix Carine


----------



## Carine (Apr 16, 2006)

I did all of the above but it still won't download. It jams at 99% startin to get irritated by it....will throwing the computer across the room help????


----------



## Carine (Apr 16, 2006)

Please please somebody help me!


----------



## blitzkreig (Mar 6, 2009)

format ur entire hard disk and reinstall windows
best solution according to me. Back up ur important data before you do this.


----------



## Carine (Apr 16, 2006)

Come on there has to be another way? This is next to impossible for me....

Please!?!


----------



## Kenny94 (Dec 16, 2004)

Hi Carine..

I never received your reply..... Sorry...

Please download SUPERAntiSpyware Home Edition (free version)
Install it and double-click the icon on your desktop to run it.
It will ask if you want to update the program definitions, click *Yes*.
Under *Configuration and Preferences*, click the Preferences button.
Click the *Scanning Control* tab.
Under *Scanner Options* make sure the following are checked:
Close browsers before scanning
Scan for tracking cookies
Terminate memory threats before quarantining.
*Please leave the others unchecked.*
Click the Close button to leave the control center screen.

On the main screen, under *Scan for Harmful Software* click *Scan your computer*.
On the left check *C:\Fixed Drive*.
On the right, under Complete Scan, choose *Perform Complete Scan*.
Click *Next* to start the scan. Please be patient while it scans your computer.
After the scan is complete a summary box will appear. Click *OK*.
Make sure everything in the white box has a check next to it, then click *Next*.
It will quarantine what it found and if it asks if you want to reboot, click *Yes*.
To retrieve the removal information for me please do the following:
After reboot, double-click the SUPERAntispyware icon on your desktop.
Click *Preferences*. Click the *Statistics/Logs* tab.
Under Scanner Logs, double-click *SUPERAntiSpyware Scan Log*.
It will open in your default text editor (such as Notepad/Wordpad).
Please highlight everything in the notepad, then right-click and choose *copy*.

Click close and close again to exit the program.
Save the log information. And paste this info along with your HijackThis log.


----------



## Carine (Apr 16, 2006)

Here is a report from some sort of program that ran apparantly:

Also Known As:
Trojan.TDss.AE (BitDefender) 
Summary
Trojan:WinNT/Alureon.C is a generic detection for encrypted rootkit drivers that are used to hidden processes and the registry entry associated with it.

For more information, please refer to the WinNT/Alureon description.
Symptoms
There are no common symptoms associated with this threat. Alert notifications from installed antivirus software may be the only symptom(s).
Technical Information
Trojan:WinNT/Alureon.C is a generic detection for encrypted rootkit drivers that are used to hidden processes and the registry entry associated with it.

---------------------------------------------------------
Here the Superantispyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/17/2009 at 10:49 PM

Application Version : 4.26.1002

Core Rules Database Version : 3897
Trace Rules Database Version: 1844

Scan type : Complete Scan
Total Scan Time : 06:04:28

Memory items scanned : 852
Memory threats detected : 0
Registry items scanned : 7045
Registry threats detected : 8
File items scanned : 470478
File threats detected : 0

Rogue.Component/Trace
HKLM\Software\Classes\MSQPDXVX
HKLM\Software\Classes\MSQPDXVX#msqpdxrun
HKLM\Software\Classes\MSQPDXVX#msqpdxpff
HKLM\Software\Classes\MSQPDXVX#msqpdxaff
HKLM\Software\Classes\MSQPDXVX#msqpdxinfo
HKLM\Software\Classes\MSQPDXVX#msqpdxid
HKLM\Software\Classes\MSQPDXVX#msqpdxsrv
HKLM\Software\Classes\MSQPDXVX#msqpdxpos
-------------------------------------------------------------
And Hjt log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:59:32, on 18-5-2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18226)
Boot mode: Normal

Running processes:
C:\PROGRAM FILES\PANDA SECURITY\PANDA INTERNET SECURITY 2009\WebProxy.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Search Settings\SearchSettings.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\ApVxdWin.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\PavBckPT.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Security\Panda Internet Security 2009\avciman.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.people.com/people/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb127\SearchSettings.dll
O3 - Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - (no file)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2009\Inicio.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Verzenden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Verz&enden naar OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.8.7.dll/206 (file missing)
O13 - Gopher Prefix: 
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/VistaMSNPUplden-us.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} (JamShellLinkX Control) - http://91.184.8.42/applet/SWHTTPUploaderProj.cab
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Mobiel Apple apparaat (Apple Mobile Device) - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour-service (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod-service (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Panda Software Controller - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (PAVSRV) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\pavsrvx86.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\program files\panda security\panda internet security 2009\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PsImSvc.exe
O23 - Service: Panda PSK service (PskSvcRetail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\PskSvc.exe
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2009\TPSrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 14288 bytes

Hope this helps you to help me!


----------



## Kenny94 (Dec 16, 2004)

Can you download combofix now? If so, please post it as well with gmer...

Download gmer rootkit detector from http://gmer.net

unzip it & double click the gmer.exe file

select rootkit tab & press scan

when it has finished press copy & post back the log it makes


----------



## Carine (Apr 16, 2006)

No still wont download combofix 

The other one is busy...


----------



## Carine (Apr 16, 2006)

GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-19 16:49:33
Windows 6.0.6001 Service Pack 1

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs ShlDrv51.sys (PandaShield driver/Panda Security, S.L.)

AttachedDevice \FileSystem\Ntfs \Ntfs pavboot.sys (Panda Boot Driver/Panda Security, S.L.)
AttachedDevice \FileSystem\Ntfs \Ntfs av5flt.sys
AttachedDevice \Driver\tdx \Device\Tcp NETFLTDI.SYS
AttachedDevice \Driver\tdx \Device\Udp NETFLTDI.SYS

---- EOF - GMER 1.0.15 ----


----------



## Kenny94 (Dec 16, 2004)

The GMER looks like it was cut off... Can you post it again please.


----------



## Carine (Apr 16, 2006)

Ok I am not liking this GMER, I ran it 4 times and it keeps jamming my computer, then a blue screen appears and my computer needs to be restarted. It did find a lot of things before it crashes, not sure if that's bad. I got this message from windows:

Problem signature:
Problem Event Name:	BlueScreen
OS Version:	6.0.6001.2.1.0.768.3
Locale ID:	1043

Additional information about the problem:
BCCode:	1000008e
BCP1:	C0000005
BCP2:	81C6D842
BCP3:	A2B43A54
BCP4:	00000000
OS Version:	6_0_6001
Service Pack:	1_0
Product:	768_1

Files that help describe the problem:
C:\Windows\Minidump\Mini052109-02.dmp
C:\Users\Carine\AppData\Local\Temp\WER-58344-0.sysdata.xml
C:\Users\Carine\AppData\Local\Temp\WER9FC7.tmp.version.txt


----------



## Kenny94 (Dec 16, 2004)

Click *here* to download *Dr.Web CureIt *and save it to your desktop.

Doubleclick the *drweb-cureit.exe *file, then on *Start* and allow to run the express scan
This will scan the files currently running in memory and when something is found, click the *yes* button when it asks you if you want to cure it. This is only a short scan.
Once the short scan has finished, chose the *Complete Scan*.
Click the green arrow at the right, and the scan will start.
Click *'Yes to all' *if it asks if you want to cure/move the file.
When the scan has finished, look if you can click next icon next to the files found: 








If so, click it and then click the next icon right below and select Move incurable as you'll see in next image: 








This will move it to the %userprofile%\DoctorWeb\quarantaine-folder if it can't be cured. (this in case if we need samples)
After selecting, in the *Dr.Web CureIt *menu on top, click file and choose save report list
Save the report to your desktop. The report will be called *DrWeb.csv*
*Close Dr.Web Cureit*.
Reboot your computer!! Because it could be possible that files in use will be moved/deleted during reboot.


----------



## Carine (Apr 16, 2006)

I take it I had to post the report? I translated the important words, they are in brackets.

ComboFix[1].exe/data002\32788R22FWJFW\FIND3M.bat	C:\Documents and Settings\Carine\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU75	Waarschijnlijk (probably) BATCH.Virus

ComboFix[1].exe/data002\32788R22FWJFW\psexec.cfexe	C:\Documents and Settings\Carine\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU75	Program.PsExec.171

data002	C:\Documents and Settings\Carine\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU75	Archief bevat geïnfecteerde objecten	(archive has infected objects)

ComboFix[1].exe	C:\Documents and Settings\Carine\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\LU75	Container contains infected objects	Verplaatst. (moved)

tmpB4C0.tmp	C:\Documents and Settings\Carine\AppData\Local\Application Data\Temp	Trojan.Starter.896	Niet repareerbaar.Verplaatst. (unrepairable, moved)

tmpB4C0.tmp	C:\Documents and Settings\Carine\DoctorWeb\Quarantine	Trojan.Starter.896	Niet repareerbaar.Verplaatst. (unrepairable, moved)


----------



## Kenny94 (Dec 16, 2004)

Can you run/download ComboFix now?


----------



## Carine (Apr 16, 2006)

Nope


----------



## Kenny94 (Dec 16, 2004)

Download the *HostsXpert 4.2 - Hosts File Manager*.

Unzip HostsXpert 4.2 - Hosts File Manager to a convenient folder such as C:\HostsXpert 4.2 - Hosts File Manager
Run HostsXpert 4.2 - Hosts File Manager from its new home
Click on "File Handling".
Click on "Restore MS Hosts File".
Click OK on the Confirmation box.
Click on "Make Read Only?"
Click the X to exit the program.
Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.

Then try ComboFix to download...


----------



## Kenny94 (Dec 16, 2004)

Download Combofix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe


----------



## Carine (Apr 16, 2006)

It won't let me restore MS Hosts file. It says it's a dangerous operation and quits the program.

Combofix still won't download I also tried the new link.

It's really really frustrating


----------



## Kenny94 (Dec 16, 2004)

Have you never used ComboFix before on this computer?


----------



## blitzkreig (Mar 6, 2009)

could it be a possibility that panda is blocking it?
Coz I have heard combofix is sometimes regarded as malware.


----------



## Kenny94 (Dec 16, 2004)

No, Combofix will not hinder panda or any scans, but DrWeb.csv shows Combofix but, in temp. Could be from where she try to download it?


----------



## blitzkreig (Mar 6, 2009)

could be.
Kenny94, I really feel she should format her hard drive, I maybe wrong.
Its my theory that certain malware don't really leave ur computer completely.


----------



## Kenny94 (Dec 16, 2004)

Yes, srprashant, If a computer is infected with the Win32.Virut virus. The best thing to do is backup your data, mail, pictures, etc. and FDISK, FORMAT, and re-install Windows.

This virus will affect every executable file on your system. Dr Web and other AV applications attempt to fix it but most of us feel it's a lost cause. You can spend days on trying to fix the damage and still not know if it's really ever been fixed and you'll never be able trust this box for stuff like Banking or other personal data transactions. But in case there's no sign of Virut. This is the only one I ask the user to FORMAT. Or if the user registry is corrupted from malware and registry cleaners.... 

Carine, Please do the following&#8230;.. From a clean computer download ComboFix to a flash drive. Look at post #32 instructions Also, print out or save these instructions into note pad on a flash drive. (so you can see how to run the tools). If you can't save it to the desktop of the infected computer, you can run it right off of the flash drive. And post ComboFix log here....


----------



## Carine (Apr 16, 2006)

Maybe a very blond reaction but what is a flash drive???


----------



## blitzkreig (Mar 6, 2009)

A flash drive is an external form of data storage, something like your cd or dvd roms. The flash drives are to be connected to your computer's usb port.


----------



## Carine (Apr 16, 2006)

So a USB stick would be ok too?


----------



## blitzkreig (Mar 6, 2009)

yeah it would do.


----------



## Carine (Apr 16, 2006)

ok i'll go try that tonight. thanx for all the help


----------



## Kenny94 (Dec 16, 2004)

Thanks srprashant...


----------



## Kenny94 (Dec 16, 2004)

And Happy Birthday srprashant...

Carine your not blond........ Look forward to see your log..:up:


----------



## blitzkreig (Mar 6, 2009)

Thanks kenny94, thanks a lot


----------



## Carine (Apr 16, 2006)

oh yes I am blond too


----------



## Carine (Apr 16, 2006)

This what you need????????

ComboFix 09-05-29.01 - Carine 30-05-2009 16:07.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.31.1033.18.3069.1910 [GMT 2:00]
Gestart vanuit: F:\ComboFix.exe
AV: Panda Internet Security 2009 *On-access scanning disabled* (Updated) {4570FB70-5C9E-47E9-B16C-A3A6A06C4BF0}
FW: Panda Personal Firewall 2009 *disabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Panda Internet Security 2009 *disabled* (Updated) {FE6602D3-1E71-4EBB-B4E3-D1C9CBDAF0A1}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\KBL.LOG
D:\Desktop.ini
D:\resycled

.
(((((((((((((((((((( Bestanden Gemaakt van 2009-04-28 to 2009-05-30 ))))))))))))))))))))))))))))))
.

2009-05-30 14:13 . 2009-05-30 14:13	--------	d-----w	c:\users\Carine\AppData\Local\temp
2009-05-30 10:30 . 2009-05-06 18:06	4784464	----a-w	c:\programdata\Microsoft\Windows Defender\Definition Updates\{227BEC27-947A-46B6-9675-7508C7322629}\mpengine.dll
2009-05-22 09:40 . 2009-05-22 09:40	--------	d-----w	C:\HostsExpert
2009-05-21 12:42 . 2009-05-21 12:59	--------	d-----w	c:\users\Carine\DoctorWeb
2009-05-17 14:37 . 2009-05-30 14:03	117760	----a-w	c:\users\Carine\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-17 14:36 . 2009-05-17 14:36	--------	d-----w	c:\programdata\SUPERAntiSpyware.com
2009-05-17 14:36 . 2009-05-17 14:36	--------	d-----w	c:\program files\SUPERAntiSpyware
2009-05-17 14:36 . 2009-05-17 14:36	--------	d-----w	c:\users\Carine\AppData\Roaming\SUPERAntiSpyware.com
2009-05-17 14:35 . 2009-05-17 14:35	--------	d-----w	c:\program files\Common Files\Wise Installation Wizard
2009-05-12 12:28 . 2009-05-12 12:28	--------	d-----w	c:\users\Carine\AppData\Local\Adobe
2009-05-11 17:56 . 2009-05-11 17:56	--------	d-----w	c:\program files\Common Files\Macrovision Shared
2009-05-11 14:23 . 2009-05-11 14:24	--------	d-----w	c:\program files\Photoshop 6.0
2009-05-11 09:11 . 2009-05-11 09:11	--------	d-----w	c:\users\Carine\AppData\Local\Apple
2009-05-07 17:55 . 2009-05-07 17:55	--------	d-----w	c:\users\Carine\AppData\Roaming\Malwarebytes
2009-05-07 17:55 . 2009-04-06 13:32	15504	----a-w	c:\windows\system32\drivers\mbam.sys
2009-05-07 17:55 . 2009-04-06 13:32	38496	----a-w	c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-07 17:55 . 2009-05-07 18:00	--------	d-----w	c:\program files\Malwarebytes' Anti-Malware
2009-05-07 17:55 . 2009-05-07 17:55	--------	d-----w	c:\programdata\Malwarebytes
2009-05-07 16:52 . 2009-05-07 16:52	--------	d-----w	c:\program files\Trend Micro
2009-05-07 16:23 . 2009-05-07 16:22	64160	----a-w	c:\windows\system32\drivers\Lbd.sys
2009-05-07 16:14 . 2009-05-07 16:14	--------	dc-h--w	c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-07 16:14 . 2009-03-12 08:17	2902048	-c--a-w	c:\programdata\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-05-07 16:14 . 2009-05-07 16:23	--------	d-----w	c:\programdata\Lavasoft
2009-05-07 16:14 . 2009-05-07 16:14	--------	d-----w	c:\program files\Lavasoft
2009-05-07 14:25 . 2009-05-07 14:29	--------	d-----w	c:\windows\BDOSCAN8

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-30 14:05 . 2009-01-21 16:45	1132	----a-w	c:\windows\system32\drivers\APPFLTR.CFG.bck
2009-05-30 14:05 . 2009-01-21 16:45	1132	----a-w	c:\windows\system32\drivers\APPFLTR.CFG
2009-05-30 11:09 . 2008-04-20 20:39	12	----a-w	c:\windows\bthservsdp.dat
2009-05-22 10:22 . 2009-01-21 16:45	258816	----a-w	c:\windows\system32\drivers\APPFCONT.DAT.bck
2009-05-22 10:22 . 2009-01-21 16:45	258816	----a-w	c:\windows\system32\drivers\APPFCONT.DAT
2009-05-16 14:37 . 2008-11-23 15:45	--------	d-----w	c:\programdata\Microsoft Help
2009-05-16 14:35 . 2006-11-02 11:18	--------	d-----w	c:\program files\Windows Mail
2009-05-11 17:58 . 2008-11-20 17:32	--------	d-----w	c:\program files\Common Files\Adobe
2009-05-11 09:17 . 2008-12-18 15:21	410984	----a-w	c:\windows\system32\deploytk.dll
2009-05-11 09:17 . 2008-01-25 03:21	--------	d-----w	c:\program files\Java
2009-05-08 13:30 . 2009-02-02 14:19	7592	----a-w	c:\users\Carine\AppData\Local\d3d9caps.dat
2009-05-07 16:22 . 2009-05-07 16:22	299352	----a-w	c:\programdata\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-04-29 15:07 . 2008-11-25 15:03	--------	d-----w	c:\users\Carine\AppData\Roaming\Download Manager
2009-04-29 14:51 . 2009-04-29 14:50	--------	d-----w	c:\program files\Ticket to Ride Online
2009-04-13 13:24 . 2008-12-08 12:25	--------	d-----w	c:\programdata\hps
2009-04-13 11:00 . 2009-04-13 11:00	--------	d-----w	c:\program files\Fotoservice
2009-04-05 12:18 . 2009-03-25 15:40	--------	d-----w	c:\program files\Google
2009-04-02 15:37 . 2009-04-02 15:37	1915520	----a-w	c:\users\Carine\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe
2009-04-02 15:12 . 2009-04-02 15:09	--------	d-----w	c:\program files\Windows Live
2009-04-02 15:10 . 2009-04-02 15:10	--------	d-----w	c:\program files\Microsoft
2009-04-02 15:09 . 2009-04-02 15:09	--------	d-----w	c:\program files\Windows Live SkyDrive
2009-04-02 15:04 . 2009-04-02 15:04	--------	d-----w	c:\program files\Common Files\Windows Live
2009-03-17 16:07 . 2009-01-21 16:43	87296	----a-w	c:\windows\system32\PavLspHook.dll
2009-03-17 03:38 . 2009-04-16 14:22	13824	----a-w	c:\windows\system32\apilogen.dll
2009-03-17 03:38 . 2009-04-16 14:22	24064	----a-w	c:\windows\system32\amxread.dll
2009-03-03 04:46 . 2009-04-16 14:22	3599328	----a-w	c:\windows\system32\ntkrnlpa.exe
2009-03-03 04:46 . 2009-04-16 14:22	3547632	----a-w	c:\windows\system32\ntoskrnl.exe
2009-03-03 04:40 . 2009-04-16 14:21	827392	----a-w	c:\windows\system32\wininet.dll
2009-03-03 04:39 . 2009-04-16 14:22	183296	----a-w	c:\windows\system32\sdohlp.dll
2009-03-03 04:39 . 2009-04-16 14:22	551424	----a-w	c:\windows\system32\rpcss.dll
2009-03-03 04:39 . 2009-04-16 14:22	26112	----a-w	c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 04:37 . 2009-04-16 14:21	78336	----a-w	c:\windows\system32\ieencode.dll
2009-03-03 04:37 . 2009-04-16 14:22	98304	----a-w	c:\windows\system32\iasrecst.dll
2009-03-03 04:37 . 2009-04-16 14:22	54784	----a-w	c:\windows\system32\iasads.dll
2009-03-03 04:37 . 2009-04-16 14:22	44032	----a-w	c:\windows\system32\iasdatastore.dll
2009-03-03 03:04 . 2009-04-16 14:22	666624	----a-w	c:\windows\system32\printfilterpipelinesvc.exe
2009-03-03 02:38 . 2009-04-16 14:22	17408	----a-w	c:\windows\system32\iashost.exe
2009-03-03 02:28 . 2009-04-16 14:21	26624	----a-w	c:\windows\system32\ieUnatt.exe
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-02 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-14 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-03-11 159744]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-07-25 174616]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2007-09-30 181544]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-09-19 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 554320]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-19 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-19 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-19 81920]
"SearchSettings"="c:\program files\Search Settings\SearchSettings.exe" [2008-06-12 991584]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"APVXDWIN"="c:\program files\Panda Security\Panda Internet Security 2009\APVXDWIN.EXE" [2008-12-03 869632]
"SCANINICIO"="c:\program files\Panda Security\Panda Internet Security 2009\Inicio.exe" [2008-07-07 50432]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-05-07 516440]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-11 148888]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BTTray.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 727592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 10:05	356352	----a-w	c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PskSvcRetail]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{6F939FB1-2FF9-4295-9861-22A45E132D5B}"= c:\program files\Cyberlink\PowerDirector\PDR.EXE:CyberLink PowerDirector
"{782576AD-1DC8-4389-982E-7A800D33D7F0}"= c:\program files\HP\QuickPlay\QP.exe:Quick Play
"{87D05FDF-AC43-4B60-B588-6A133223E045}"= c:\program files\HP\QuickPlay\QPService.exe:Quick Play Resident Program
"{10C5E9BA-1EDD-4EA8-AFE2-20B59F36D8A5}"= UDP:c:\program files\BitComet\BitComet.exe:BitComet
"{D97042AB-8939-4375-90EC-5E9840738843}"= TCP:c:\program files\BitComet\BitComet.exe:BitComet
"{62A11C85-456F-4EFD-B8CD-2C92E35C608A}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{10CF8091-606C-483C-9D76-422150593BA7}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{9617E730-A193-4775-ABE1-94FB9210D589}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{1F14F0E1-760C-499D-A723-022B9050D578}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{DA5C2E59-757B-4452-8148-9BF08246CFB6}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{370A6A5A-F005-4C65-A293-DDDD0DA04163}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{DA3BABEF-7190-478E-B8EB-DFC5D2468B99}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{E2D8B711-6E28-400D-B619-4E704ED3369F}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{65F849E7-14AF-41D6-BDAF-808E7F0DCFB9}"= UDP:5353:Adobe CSI CS4
"{72A1A1A6-CC20-4F56-ADCB-DA21E16D3F9B}"= UDP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4
"{783E7956-1C16-4085-9308-79CCC1B58F4F}"= TCP:c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:Adobe CSI CS4

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)
"DoNotAllowExceptions"= 0 (0x0)

R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [7-5-2009 18:23 64160]
R0 pavboot;Panda boot driver;c:\windows\System32\drivers\pavboot.sys [21-1-2009 18:40 28544]
R1 APPFLT;App Filter Plugin;c:\windows\System32\drivers\APPFLT.SYS [21-1-2009 18:44 73728]
R1 DSAFLT;DSA Filter Plugin;c:\windows\System32\drivers\dsaflt.sys [21-1-2009 18:45 52992]
R1 FNETMON;NetMon Filter Plugin;c:\windows\System32\drivers\fnetmon.sys [21-1-2009 18:44 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\System32\drivers\idsflt.sys [21-1-2009 18:45 193792]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\System32\drivers\NETFLTDI.SYS [21-1-2009 18:44 158848]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [14-5-2009 14:22 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [14-5-2009 14:22 72944]
R1 ShldDrv;Panda File Shield Driver;c:\windows\System32\drivers\ShlDrv51.sys [21-1-2009 18:35 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\System32\drivers\wnmflt.sys [21-1-2009 18:45 46720]
R2 AmFSM;AmFSM;c:\windows\System32\drivers\amm8660.sys [21-1-2009 18:45 49208]
R2 ComFiltr;Panda Anti-Dialer;c:\windows\System32\drivers\COMFiltr.sys [21-1-2009 18:45 13880]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k Panda --> c:\windows\system32\svchost -k Panda [?]
R2 PavProc;Panda Process Protection Driver;c:\windows\System32\drivers\PavProc.sys [21-1-2009 18:35 179640]
R2 PskSvcRetail;Panda PSK service;c:\program files\Panda Security\Panda Internet Security 2009\psksvc.exe [21-1-2009 18:44 28928]
R3 NETIMFLT01060034;PANDA NDIS IM Filter Miniport v1.6.0.34;c:\windows\System32\drivers\neti1634.sys [21-1-2009 18:43 197888]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [14-5-2009 14:22 7408]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9-3-2009 21:06 953168]

--- Andere Services/Drivers In Geheugen ---

*Deregistered* - AvFlt
*Deregistered* - PavSRK.sys
*Deregistered* - PavTPK.sys

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs	REG_MULTI_SZ BthServ
panda	REG_MULTI_SZ Gwmsrv

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Inhoud van de 'Gedeelde Taken' map

2009-05-21 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 16:22]

2009-05-30 c:\windows\Tasks\User_Feed_Synchronization-{CB5C434C-2ACF-49D3-B6A0-9B931A3C377F}.job
- c:\windows\system32\msfeedssync.exe [2008-11-23 07:33]
.
- - - - ORPHANS VERWIJDERD - - - -

HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
SafeBoot-procexp90.Sys

.
------- Bijkomende Scan -------
.
uStart Page = hxxp://www.people.com/people/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_nl&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: {A8B02DCA-7648-46D6-95A8-B84EC80CA49D} - hxxp://91.184.8.42/applet/SWHTTPUploaderProj.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-30 16:13
Windows 6.0.6001 Service Pack 1 NTFS

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
--------------------- VERGRENDELDE REGISTER SLEUTELS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Voltooingstijd: 2009-05-30 16:15
ComboFix-quarantined-files.txt 2009-05-30 14:14

Pre-Run: 214.245.449.728 bytes free
Post-Run: 214.465.396.736 bytes free

233	--- E O F ---	2009-05-30 10:30


----------



## Kenny94 (Dec 16, 2004)

Hi Carine

Sorry for the delay. I have a family illness and I can not continue to work on this log And I have asked someone to help you on this....


----------



## JSntgRvr (Jul 1, 2003)

Hi, *Carine* 

*Kenny94* Wont be able to be with us for a while. I have moved your topic to the Malware Removal forum.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under *Upgrading Java*, to download and install the latest vesion.


Read through the requirements and privacy statement and click on *Accept* button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click *Run*.
When the downloads have finished, click on *Settings*.
Make sure the following is checked. 
*Spyware, Adware, Dialers, and other potentially dangerous programs 
Archives
Mail databases*

Click on *My Computer* under *Scan*.
Once the scan is complete, it will display the results. Click on *View Scan Report*.
You will see a list of infected items there. Click on *Save Report As...*.
Save this report to a convenient place. Change the *Files of type* to *Text file (.txt)* before clicking on the *Save* button.
Please post this log in your next reply.
*Upgrading Java*:

Download the latest version of *Java SE Runtime Environment (JRE)JRE 6 Update 14*.
Click the "*Download*" button to the right.
Select your Platform and check the box that says: "*I agree to the Java SE Runtime Environment 6 License Agreement.*".
Click on *Continue*.
Click on the link to download Windows Offline Installation (jre-6u14-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
Close any programs you may have running - especially your web browser.
Go to *Start* > *Control Panel*, double-click on *Add/Remove *programs and remove all older versions of Java.
Check any item with Java Runtime Environment *(JRE or J2SE)* in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the *jre-6u14-windows-i586.exe* and select "Run as an Administrator.")
Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.


----------



## Carine (Apr 16, 2006)

here you go...am I correct in the assumption that it is another problem than before? Or is it still the same thing that just won't let itself be deleted? Very frustrating 
Ow wait it found it in the docterweb quarantine so it's the same as before...but how do I get rid of it now?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, June 2, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, June 02, 2009 18:47:07
Records in database: 2297352
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 166139
Threat name: 1
Infected objects: 0
Suspicious objects: 1
Duration of the scan: 02:09:45


File name / Threat name / Threats count
C:\Users\Carine\DoctorWeb\Quarantine\tmpB4C00.tmp	Suspicious: Trojan.Win32.Patched.dy	1

The selected area was scanned.


----------



## JSntgRvr (Jul 1, 2003)

Hi, *Carine* 

The system seems free of malware.

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete this *file*:

*C:\Users\Carine\DoctorWeb\Quarantine\tmpB4C00.tmp*

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To turn off Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Graphic instructions:

http://www.bleepingcomputer.com/tutorials/tutorial143.html

*Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.*

*Follow these steps to uninstall Combofix:*

 Click the Vista *START* button.
 Now type *Combofix /u* in the search box and press Ctrl+Shift+Enter. Note the *space* between the *x* and the */u*, it needs to be there.

*How is it doing?*


----------



## Carine (Apr 16, 2006)

Sorry I am not quite sure yet how to turn it off. Do I click on "system Restore" in the first steps nr 7 ?


----------



## JSntgRvr (Jul 1, 2003)

Carine said:


> Sorry I am not quite sure yet how to turn it off. Do I click on "system Restore" in the first steps nr 7 ?


Would the Graphic Instructions help? See Disabling System Restore.


----------



## Carine (Apr 16, 2006)

sorry I thought that was for the other thing. I'll have a go at it and will reply tomorrow how it went.

Thanx soooo much for all the help! It is so much appreciated!!


----------



## Carine (Apr 16, 2006)

Hi,

Okay so the visuals helped but when I try to do it and the computer reboots I get an error message saying the system restore was not completed successfully.
It told me to "undo" the system restore but that failed too. Not sure what to do now.


----------



## JSntgRvr (Jul 1, 2003)

Carine said:


> Hi,
> 
> Okay so the visuals helped but when I try to do it and the computer reboots I get an error message saying the system restore was not completed successfully.
> It told me to "undo" the system restore but that failed too. Not sure what to do now.


Repeat the process. Disable System Restore, then restart the computer. Once back into Windows, enable System Restore. It is a very simple process but, I don't have control over it remotely. It must be done by you.


----------



## Carine (Apr 16, 2006)

ok i'll try it again!


----------



## Carine (Apr 16, 2006)

Ok I turned it on and off. 

Rebooted after both.

Then tried to do system restore but it says it doesn't have any points to restore to.


----------



## Kenny94 (Dec 16, 2004)

Carine said:


> Ok I turned it on and off.
> 
> Rebooted after both.
> 
> Then tried to do system restore but it says it doesn't have any points to restore to.


Hi Carine, I'm back.

This is fine,but be sure system restore is turn on and it will create new system restore points if need it in the furture....


----------



## Carine (Apr 16, 2006)

Good to have you back! And thanx to JsntGrvr for stepping in to help!!!!

is it all done now? Can i download a new program now? I know it's 100% safe

I'll go check my Panda scan now too, see what happens..


----------



## Kenny94 (Dec 16, 2004)

Carine said:


> Good to have you back! And thanx to JsntGrvr for stepping in to help!!!!
> 
> is it all done now? Can i download a new program now? I know it's 100% safe
> 
> I'll go check my Panda scan now too, see what happens..


Yes you can. Have fun with your PC. And lets us know.


----------



## Carine (Apr 16, 2006)

Thanx soooooo much for everything you have done! It's amazing you guys exist!


----------



## Carine (Apr 16, 2006)

It still won't scan :S


----------



## Kenny94 (Dec 16, 2004)

I feel this is with Panda Internet Security. I had users with some problems with Panda. You can remove Panda and installed it again..Or go with another Anti-Virus Program. I use :

*Avira AntiVir Personal *

and Online Armor Personal Firewall (Free edition v3.5.0.9) at:

http://www.tallemu.com/downloads.html

Online Armor and Avira. The perfect combo I feel.


----------



## Carine (Apr 16, 2006)

Ok thanx for the tips!

And a HUGE thank you for all the help. I think I'm supposed to mark this thread as solved now...


----------



## Kenny94 (Dec 16, 2004)

You are Welcome. We'll mark it solved for you.....


----------



## Kenny94 (Dec 16, 2004)

I see you marked it solved.....:up:


----------

