
Internet explorer malware redirection

2406 Views 35 Replies 2 Participants Last post by sjpritch25
I have what many others in this forum have, the redirection of my web browser.
I have followed the instructions for logging my system and here they are.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Mark at 22:02:12.00 on 29/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1102 [GMT 1:00]

AV: Panda Global Protection 2010 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost -k Panda
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
c:\program files\panda security\panda global protection 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\PskSvc.exe
C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Panda Security\Panda Global Protection 2010\TPSrv.exe
C:\PROGRAM FILES\PANDA SECURITY\PANDA GLOBAL PROTECTION 2010\WebProxy.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\AVENGINE.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\ApVxdWin.exe
C:\Program Files\XpertVision\TBPanel.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\EDIMAX\Common\RaUI.exe
C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Panda Security\Panda Global Protection 2010\SRVLOAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\PavBckPT.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Mark\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [scrsss.exe] scrsss.exe
uRun: [ISUSPM] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
uRun: [Service Pack 7] c:\documents and settings\mark\application data\Service Pack 7.exe
uRun: [{ADFE88A5-3F89-91C1-C957-7C848FF5CCD7}] "c:\documents and settings\mark\application data\iqys\nirof.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Gainward] c:\program files\xpertvision\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\JMRaidSetup.exe boot
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [scrsss.exe] scrsss.exe
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Service Pack 7] c:\documents and settings\mark\application data\Service Pack 7.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [nfgbiphm] c:\windows\system32\nfgbiphm.exe
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2010\Inicio.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\mark\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\pmbcore\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\wirele~1.lnk - c:\program files\edimax\common\RaUI.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1233607993078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1239894648500
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: GootkitSSO - {436230F9-FAE0-47B6-A318-B56B8BBC9BDC} - c:\windows\system32\msxsltsso.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
mASetup: {070S0137-2Q6E-841W-6XB6-DIIT4E0WP114} - c:\documents and settings\mark\application data\Service Pack 7.exe
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\mark\applic~1\mozilla\firefox\profiles\vdm5k5io.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-6-26 64288]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2010-5-31 28552]
R1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-5-31 75016]
R1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-5-31 53128]
R1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-5-31 22072]
R1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-5-31 193800]
R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-5-31 159112]
R1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-5-31 41144]
R1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-5-31 46728]
R2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2006-2-28 14336]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1352832]
R2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2010\PsCtrlS.exe [2010-5-31 173312]
R2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-5-31 84024]
R2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2010\PavFnSvr.exe [2010-5-31 169216]
R2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-5-31 163336]
R2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-5-31 62768]
R2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2010\PAVSRV51.EXE [2010-5-31 291584]
R2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2010\psksvc.exe [2010-5-31 28928]
R2 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RalinkRegistryWriter.exe [2010-6-1 69632]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 AvFlt;Antivirus Filter Driver;c:\windows\system32\drivers\av5flt.sys --> c:\windows\system32\drivers\av5flt.sys [?]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [2010-5-31 199432]
R3 PavSRK.sys;PavSRK.sys;\??\c:\windows\system32\pavsrk.sys --> c:\windows\system32\PavSRK.sys [?]
R3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2010-5-31 619136]
S3 ComFiltr;Panda Anti-Dialer;c:\windows\system32\drivers\COMFiltr.sys [2010-5-31 13880]
S3 cpuz132;cpuz132;\??\c:\docume~1\mark\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\mark\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-2-2 17149]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-12-29 18560]
S3 RkPavproc1;RkPavproc1;\??\c:\windows\system32\drivers\rkpavproc1.sys --> c:\windows\system32\drivers\RkPavproc1.sys [?]
S3 tdimgr;tdimgr;\??\c:\windows\system32\tdimgr.sys --> c:\windows\system32\tdimgr.sys [?]

=============== Created Last 30 ================

2010-06-29 18:34:12 60416 ----a-w- c:\windows\system32\drivers\Combo-Fix.sys
2010-06-29 18:28:37 0 dcs---w- C:\ComboFix
2010-06-29 14:17:22 0 dcsha-r- C:\cmdcons
2010-06-29 14:12:43 98816 ----a-w- c:\windows\sed.exe
2010-06-29 14:12:43 77312 ----a-w- c:\windows\MBR.exe
2010-06-29 14:12:43 256512 ----a-r- c:\windows\PEV.exe
2010-06-29 14:12:43 161792 ----a-w- c:\windows\SWREG.exe
2010-06-28 19:47:48 771581 -c--a-w- c:\windows\system32\dllcache\winacisa.sys
2010-06-28 19:46:59 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-06-28 19:45:57 50176 -c--a-w- c:\windows\system32\dllcache\umaxp60.dll
2010-06-28 19:44:57 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-06-28 19:43:58 3968 -c--a-w- c:\windows\system32\dllcache\swusbflt.sys
2010-06-28 19:42:56 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-06-28 19:41:58 150144 -c--a-w- c:\windows\system32\dllcache\sis6306v.dll
2010-06-28 19:40:59 245632 -c--a-w- c:\windows\system32\dllcache\s3savmx.dll
2010-06-28 19:39:50 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-06-28 19:39:04 0 d-----w- c:\program files\ESET
2010-06-28 19:38:58 8832 -c--a-w- c:\windows\system32\dllcache\powerfil.sys
2010-06-28 19:37:59 20480 -c--a-w- c:\windows\system32\dllcache\ovcomc.dll
2010-06-28 19:36:57 39264 -c--a-w- c:\windows\system32\dllcache\neo20xx.sys
2010-06-28 19:35:57 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-06-28 19:34:57 70730 -c--a-w- c:\windows\system32\dllcache\lne100tx.sys
2010-06-28 19:33:56 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-06-28 19:32:59 18560 -c--a-w- c:\windows\system32\dllcache\i2omp.sys
2010-06-28 19:31:59 93696 -c--a-w- c:\windows\system32\dllcache\hpgt42.dll
2010-06-28 19:30:59 22090 -c--a-w- c:\windows\system32\dllcache\fem556n5.sys
2010-06-28 19:29:59 44103 -c--a-w- c:\windows\system32\dllcache\el515.sys
2010-06-28 19:28:59 27648 -c--a-w- c:\windows\system32\dllcache\cyyports.dll
2010-06-28 19:27:57 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-06-28 19:26:35 46112 -c--a-w- c:\windows\system32\dllcache\adptsf50.sys
2010-06-28 18:24:36 0 d-----w- c:\program files\Sun
2010-06-28 15:10:26 1953792 ----a-r- c:\windows\system32\JMRaidSetup.exe
2010-06-28 15:10:26 139264 ----a-r- c:\windows\system32\JMRaidAPI.dll
2010-06-28 15:10:26 0 dc----w- C:\JM
2010-06-28 15:10:17 0 d-----w- c:\windows\JM
2010-06-26 19:38:29 0 d-----w- c:\windows\SxsCaPendDel
2010-06-26 19:24:42 0 d-----w- c:\program files\Trend Micro
2010-06-26 16:12:11 0 d-----w- c:\program files\AVG
2010-06-26 15:43:17 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-26 15:08:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-06-26 13:49:18 64288 -c--a-w- c:\windows\system32\drivers\Lbd.sys
2010-06-26 13:49:15 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-06-26 13:43:24 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-06-26 13:43:13 0 d-----w- c:\program files\Lavasoft
2010-06-23 12:42:32 0 d-----w- c:\program files\iPod
2010-06-23 12:42:27 0 d-----w- c:\program files\iTunes
2010-06-23 12:39:56 0 d-----w- c:\program files\Bonjour
2010-06-22 13:34:51 0 d-----w- c:\program files\Microsoft Corporation
2010-06-22 13:21:14 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-17 15:24:06 0 dc----w- c:\docume~1\mark\applic~1\Egpus
2010-06-02 19:30:24 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-06-02 19:30:24 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-06-02 19:30:24 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-06-02 19:30:24 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-06-02 19:30:23 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-06-02 18:36:43 0 dc----w- c:\docume~1\alluse~1\applic~1\Driver Whiz
2010-06-01 22:05:02 2189952 -c--a-w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-06-01 13:32:52 6144 -c--a-w- c:\windows\system32\dllcache\kbd106n.dll
2010-06-01 13:31:59 19456 -c--a-w- c:\windows\system32\dllcache\agt0401.dll
2010-06-01 13:30:58 142848 -c--a-w- c:\windows\system32\dllcache\fxsclnt.exe
2010-06-01 13:30:56 6144 -c--a-w- c:\windows\system32\dllcache\kbdax2.dll
2010-06-01 13:30:55 456192 -c--a-w- c:\windows\system32\dllcache\smtpsvc.dll
2010-06-01 13:30:37 331264 -c--a-w- c:\windows\system32\dllcache\aqueue.dll
2010-06-01 13:30:17 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-01 13:27:41 19569 ----a-w- c:\windows\003155_.tmp
2010-06-01 12:08:02 28288 -c--a-w- c:\windows\system32\dllcache\xjis.nls
2010-06-01 12:06:59 78848 -c--a-w- c:\windows\system32\dllcache\dayi.ime
2010-06-01 12:05:04 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-06-01 12:04:59 749 ---ha-r- c:\windows\WindowsShell.Manifest
2010-06-01 12:04:59 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest
2010-06-01 12:04:59 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest
2010-06-01 12:04:59 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest
2010-06-01 12:03:33 39936 -c--a-w- c:\windows\system32\dllcache\snmpthrd.dll
2010-06-01 12:03:33 39936 ----a-w- c:\windows\system32\wbem\snmpthrd.dll
2010-06-01 12:03:33 259072 -c--a-w- c:\windows\system32\dllcache\snmpcl.dll
2010-06-01 12:03:33 259072 ----a-w- c:\windows\system32\wbem\snmpcl.dll
2010-06-01 10:49:59 1024809 ----a-w- c:\windows\setupapi.log.1.old
2010-05-31 23:31:32 14573 ----a-r- c:\windows\SET98.tmp
2010-05-31 23:31:28 13753 ----a-r- c:\windows\SET65.tmp
2010-05-31 23:31:26 1086058 ----a-r- c:\windows\SET59.tmp
2010-05-31 23:31:25 1042903 ----a-r- c:\windows\SET56.tmp
2010-05-31 20:12:38 0 d-----w- c:\program files\EDIMAX
2010-05-31 20:12:37 619136 ----a-w- c:\windows\system32\drivers\rt2870.sys
2010-05-31 20:12:37 4096 ----a-w- c:\windows\system32\drivers\rt2870.bin
2010-05-31 20:12:37 217088 ----a-w- c:\windows\system32\RaCoInst.dll
2010-05-31 20:12:37 14640 ----a-w- c:\windows\system32\RaCoInst.dat
2010-05-31 20:12:36 0 dc----w- c:\docume~1\alluse~1\applic~1\Edimax Driver
2010-05-31 20:03:15 376832 ----a-w- c:\windows\system32\AegisI5Installer.exe
2010-05-31 19:32:43 13880 ----a-w- c:\windows\system32\drivers\COMFiltr.sys
2010-05-31 19:17:12 262 ----a-w- c:\windows\system32\PavCPL.dat
2010-05-31 19:17:10 276380 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-05-31 19:17:10 276380 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-05-31 19:17:10 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-05-31 19:17:10 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-05-31 19:17:07 53128 ----a-w- c:\windows\system32\drivers\dsaflt.sys
2010-05-31 19:17:07 46728 ----a-w- c:\windows\system32\drivers\wnmflt.sys
2010-05-31 19:17:07 193800 ----a-w- c:\windows\system32\drivers\idsflt.sys
2010-05-31 19:17:01 75016 ----a-w- c:\windows\system32\drivers\APPFLT.SYS
2010-05-31 19:17:01 22072 ----a-w- c:\windows\system32\drivers\fnetmon.sys
2010-05-31 19:17:01 159112 ----a-w- c:\windows\system32\drivers\NETFLTDI.SYS
2010-05-31 19:16:50 54832 ----a-w- c:\windows\system32\pavcpl.cpl
2010-05-31 19:16:33 87296 ----a-w- c:\windows\system32\PavLspHook.dll
2010-05-31 19:16:33 193792 ----a-w- c:\windows\system32\TpUtil.dll
2010-05-31 19:16:33 107568 ----a-w- c:\windows\system32\SYSTOOLS.DLL
2010-05-31 19:16:32 55552 ----a-w- c:\windows\system32\pavipc.dll
2010-05-31 19:16:31 518400 ----a-w- c:\windows\system32\PavSHook.dll
2010-05-31 19:16:24 199432 ----a-w- c:\windows\system32\drivers\neti1639.sys
2010-05-31 19:16:19 84024 ----a-w- c:\windows\system32\drivers\pavdrv51.sys
2010-05-31 19:16:19 58672 ----a-w- c:\windows\system32\avldr.dll
2010-05-31 19:16:19 0 d-----w- c:\windows\system32\PAV
2010-05-31 19:16:15 0 dc----w- c:\docume~1\mark\applic~1\Panda Security
2010-05-31 19:16:15 0 dc----w- c:\docume~1\alluse~1\applic~1\Panda Security
2010-05-31 19:14:56 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-05-31 19:14:37 41144 ----a-r- c:\windows\system32\drivers\ShlDrv51.sys
2010-05-31 19:14:37 163336 ----a-r- c:\windows\system32\drivers\PavProc.sys
2010-05-31 19:14:37 0 d-----w- c:\program files\common files\Panda Security
2010-05-31 08:29:51 0 d-----w- c:\windows\system32\URTTEMP
2010-05-31 08:22:36 0 d-----w- c:\program files\Support Tools

==================== Find3M ====================

2010-06-01 12:04:24 23376 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-01 00:35:13 21361 ----a-w- c:\windows\system32\drivers\AegisP.sys
2010-05-18 15:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 15:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-19 19:47:44 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-12 16:29:19 411368 ----a-w- c:\windows\system32\deployJava1.dll

============= FINISH: 22:02:46.78 ===============

Awaiting your solutions in anticipation.
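Added example, not part of the thread and not DDS or ComboFix code: a small Python triage script that parses autorun lines in the DDS "Pseudo HJT Report" format (uRun/mRun/dRun and mASetup) and flags entries a helper would look at first. The sample input is a subset of the lines from the log above; the heuristic names and thresholds are my own assumptions.

```python
import re
from collections import defaultdict

# Sample input: a subset of the uRun/mRun/mASetup lines from the DDS log
# posted above, embedded here so the script runs offline.
DDS_SAMPLE = r"""
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [scrsss.exe] scrsss.exe
uRun: [Service Pack 7] c:\documents and settings\mark\application data\Service Pack 7.exe
uRun: [{ADFE88A5-3F89-91C1-C957-7C848FF5CCD7}] "c:\documents and settings\mark\application data\iqys\nirof.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [scrsss.exe] scrsss.exe
mRun: [Service Pack 7] c:\documents and settings\mark\application data\Service Pack 7.exe
mRun: [nfgbiphm] c:\windows\system32\nfgbiphm.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mASetup: {070S0137-2Q6E-841W-6XB6-DIIT4E0WP114} - c:\documents and settings\mark\application data\Service Pack 7.exe
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
"""

RUN_RE = re.compile(r"^(?P<hive>[umd]Run): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
ASETUP_RE = re.compile(r"^mASetup: (?P<name>\{[^}]*\}) - (?P<cmd>.+)$")
GUID_RE = re.compile(r"^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$", re.I)
PROFILE_RE = re.compile(r"^c:\\(documents and settings|docume~1)\\", re.I)


def image_path(cmd):
    """Executable part of a DDS command string: the quoted path if quoted,
    else the text up to the first .exe/.dll/.scr, else the first token."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.search(r"\.(exe|dll|scr)\b", cmd, re.I)
    return cmd[:m.end()] if m else cmd.split()[0]


def parse_entries(text):
    """Parse uRun/mRun/dRun and mASetup lines; other lines are ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or ASETUP_RE.match(line)
        if not m:
            continue
        entry = m.groupdict()
        entry.setdefault("hive", "mASetup")  # ASETUP_RE has no hive group
        entry["line"] = line
        entry["image"] = image_path(entry["cmd"])
        entries.append(entry)
    return entries


def triage(entries):
    """Map each suspicious log line to its list of reasons.

    Heuristics (assumed here; prompts for a closer look, not verdicts):
      NO_PATH         bare file name, resolved via the search path at logon
      USER_PROFILE    executable stored under a user profile directory
      MALFORMED_GUID  a {...} value name that is not valid hexadecimal
      HKCU_AND_HKLM   same value name registered in both uRun and mRun
    Known false positive: rundll32 entries are reported as NO_PATH.
    """
    hives_by_name = defaultdict(set)
    for e in entries:
        if e["hive"] in ("uRun", "mRun"):
            hives_by_name[e["name"].lower()].add(e["hive"])
    findings = {}
    for e in entries:
        reasons = []
        if "\\" not in e["image"]:
            reasons.append("NO_PATH")
        if PROFILE_RE.match(e["image"]):
            reasons.append("USER_PROFILE")
        brace = e["name"][e["name"].find("{"):] if "{" in e["name"] else ""
        if brace and not GUID_RE.match(brace):
            reasons.append("MALFORMED_GUID")
        if hives_by_name.get(e["name"].lower(), set()) >= {"uRun", "mRun"}:
            reasons.append("HKCU_AND_HKLM")
        if reasons:
            findings[e["line"]] = reasons
    return findings


if __name__ == "__main__":
    for line, reasons in triage(parse_entries(DDS_SAMPLE)).items():
        print(", ".join(reasons).ljust(28), line)
```

Anything the script flags still needs confirming against the file on disk (signer, hashes, creation date) before it is treated as malicious; the heuristics only rank which entries to check first.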

Welcome to TSF :)

I noticed you have run ComboFix. In your next reply, please post the ComboFix log located here: c:\combofix.txt. Thanks.
Hi sjpritch25.
I cannot get ComboFix to finish; it runs and then goes to reboot, but then just hangs.
I have searched for the ComboFix.txt, but I suppose because it has not rebooted it won't make the .txt file.
Anything else I can try?
Did you fully disable Panda before running ComboFix?
Hi, yes I did. I turned off virus protection, adware and real-time monitoring, but after it has run it states that it is rebooting the computer, and it just sits there hanging.
Anything else I can do apart from uninstalling Panda (which I don't really want to do)?
Let me check with the dev of ComboFix; I'll get back to you soon.
Do you have WinZip or WinRAR installed on your PC? I will need you to zip a folder and submit it.
Hi, ComboFix is not zipped; I do have WinRAR installed on my PC though.
Hi, here is ComboFix WinRAR'd.
Open notepad and copy/paste the text in the codebox below into it:
Code:
@PEV CLIST >%tmp%\Logit.txt
@Notepad %tmp%\Logit.txt
Save this as test.bat
Choose to "Save type as - All Files"
Save it on your desktop.


==============================


Please try running ComboFix again; when ComboFix freezes trying to reboot, wait 5 minutes.

If you still have access to your desktop, double-click on test.bat. Otherwise press Ctrl+Alt+Delete simultaneously, click on New Task (Run), click on Browse and navigate to the file from there.


Then close the blue DOS window. Zip/upload the entire ComboFix folder, usually located here: C:\ComboFix. Add the earlier Logit.txt into the zip file.

Upload the file here
http://www.bleepingcomputer.com/submit-malware.php?channel=4


Manually reboot machine and let us know if CF continues running.
OK, I will have to report back to you tomorrow, as I have to get some shut-eye soon.
Many thanks for the help so far.
No problem.
Hi sjpritch25.
Have just run it again and had to use the logit.bat file. I have uploaded it to the URL you stated.
I will check back around midday tomorrow (your time).
Again, thanks for your help so far.
No problem.
I need you to zip the whole folder also: C:\ComboFix.
Sorry sjpritch25, I have now zipped up ComboFix, added logit.txt into the same folder and submitted it.
What did you name it? I'm having trouble finding the upload.
Here it is.


I can't upload the ComboFix.zip.
What does it say? Too large?