0

Hi and thanks again to all the good people on Daniweb.
Since yesterday my P/C has shut itself down automatically and restarted. On restart it says that my disk D needs to be checked for consistency. When the disk check is complete the system starts as usual and there is a notice saying that the system has recovered from a serious error. :o
So I am a little concerned. I have run Spybot and antivirus and everything seems OK. My operating system is Windows XP.
I have attached the HijackThis log below:
Logfile of HijackThis v1.99.0
Scan saved at 3:23:42 PM, on 3/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

Any advice will be well appreciated. Thanks, Danielle
Also recently when I have been shutting the system down the End Program window comes up for Centinel VxD which I am not sure what it is.
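
Added example, not part of the original post and not HijackThis's own code: a small Python triage pass over a log in the format posted above. It counts entries per section code and lists, for manual review, any Userinit command other than userinit.exe (the Windows default for that value), entries marked "(file missing)", and O4 autoruns given without a path. The sample lines are copied from the log above, the function names are made up for this example, and a listed entry is something to look up, not a verdict.

```python
import re
from collections import Counter

# Sample input: a few lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.0
Running processes:
D:\WINDOWS\system32\svchost.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O23 - Service: Panda Pavkre - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
"""

# A log entry is "<letter><1-2 digits> - <detail>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# O4 registry autoruns look like "HKLM\..\Run: [ValueName] command line".
AUTORUN_RE = re.compile(r"^[^\[]*\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
USERINIT_RE = re.compile(r"userinit=(.*)$", re.IGNORECASE)


def parse_entries(text):
    """Return (code, detail) pairs for every entry line in the log."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def userinit_extras(entries):
    """Commands in an F2 UserInit value other than userinit.exe itself.

    Everything in this comma-separated value is started at logon, so each
    extra command should be traced to the product that installed it.
    """
    extras = []
    for code, detail in entries:
        match = USERINIT_RE.search(detail) if code == "F2" else None
        if not match:
            continue
        for cmd in match.group(1).split(","):
            cmd = cmd.strip()
            if cmd and not cmd.lower().endswith("\\userinit.exe"):
                extras.append(cmd)
    return extras


def pathless_autoruns(entries):
    """O4 [name] entries whose command has no directory part.

    A bare file name is resolved through the search path, so the log alone
    does not say which file on disk actually runs.
    """
    found = []
    for code, detail in entries:
        match = AUTORUN_RE.match(detail) if code == "O4" else None
        if match and "\\" not in match.group("cmd"):
            found.append((match.group("name"), match.group("cmd")))
    return found


def missing_files(entries):
    """Entries HijackThis itself marked as pointing at a file that is gone."""
    return [(c, d) for c, d in entries if d.endswith("(file missing)")]


def triage(text):
    """Summarise a log: per-section counts plus the three review lists."""
    entries = parse_entries(text)
    return {
        "sections": dict(Counter(code for code, _ in entries)),
        "userinit_extras": userinit_extras(entries),
        "pathless_autoruns": pathless_autoruns(entries),
        "missing_files": missing_files(entries),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(key, "->", value)
```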

0

Hi, when I search for Centinel VxD it comes up with backdoor trojan inf, so I suggest you spend some time updating and running any of these programs that you haven't already tried, to check your computer.
Good luck.
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,


Go Here and get Trojan-Hunter (fully working trial!) and run a full scan.
,,,,,,,,,,,,,,,,,,,,,
To remove trojans there is a tool which needs to be downloaded and run.

1. Please download Stinger and save it to your desktop

2. Double-click on the stinger.exe file and open the tool

3. Choose your entire hard drive to scan.

4. Choose Scan Now

5. Stinger will fix anything that it finds

6. Click the File menu and select Save report to file

7. Post the log file results here in this thread.

STINGER

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Reboot to SAFE mode to delete files
How to start computer in safe mode

Please delete your temporary files by deleting all files and folders that are in those folders (do not delete the temp folder itself) like for example
C:\WINDOWS\Temp\
C:\Temp\
C:\Documents and Settings\username\Local Settings\Temp\
Also delete your Temporary Internet Files, be sure to also select delete all offline content.

Do a virus scan. Please do an online scan; 2 would be better.

Micro World http://www.mwti.net/antivirus/free_utilities.asp
Trend Micro http://housecall.trendmicro.com/housecall/start_corp.asp

Make sure that you choose "fix" or "clean".

,,,,,,,,,,,,,,,,,,,,,,,,,,
Download then unzip and run CWShredder to clean up clicking "FIX" to have it remove all it finds.

CWShredder available from these places :-


http://www.aluriasoftware.com/tools/cwshredder.zip
Or this as a full download without any unzipping required
http://www.downloads.subratam.org/CWShredder.exe
http://www.spywareinfo.com/downloads/tools/CWShredder.exe

We have found that some of the CWS infections can be removed better from safe mode, rather than normal mode.
To get to safe mode use the F8 key while booting the machine. Detailed instructions from :-
HERE
,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
Then please do this: since it’s better to use automated tools to get rid of the bad stuff, use these 2 programs first before doing the final cleaning with HJT.

First use Spybot S&D. (Version 1.3)
Spybot
Unzip, and update. Install the updates and run. Delete all that it marks in red.
Reboot

Then it’s time for Ad-Aware
Ad-Aware
Install and update by using the globe icon. Restart your computer and run Ad-Aware.
Press scan now and select drives and/or partitions to be scanned. When done select all and click next. Remove all checked items and then reboot your computer.

Please go to this page and read the instructions for how to configure Spybot S&D & Ad-Aware
How To Setup Spybot SD and Ad-Aware

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
If needed !!!!!!version 1.99.1
Reboot and post a new HiJackThis log. You need an updated version of Hijackthis which you can get from HERE

Then post a HJT log as a reply to this topic.

0

Hi there and thanks for the reply to my posting.
I ran Trojan Hunter; it didn't find anything. The same thing with Stinger.
I updated CWShredder and Spybot, but they too didn't seem to show anything up.
I downloaded SpySubtract from the CWShredder program link and that found a few things:

[SPYSUBTRACT] An error has occurred while scanning Files and Directories. [SSENGINE] An Unexpected Problem was encountered . Error#: 0x80004003
--------------------------------- SpySubtract session started ---------------------------------
Machine=FND
Time=Tue Apr 05 09:43:36 2005
Product Version=1, 0, 1, 49
OS Version=Microsoft Windows XP Professional Service Pack 2 (Build 2600)


Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'bravenet.com' in 'Internet Explorer Cache'
Found 'adtech.de' in 'Internet Explorer Cache'
Found 'bluestreak.com' in 'Internet Explorer Cache'
Found 'centrport.net' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\ResultsFilter'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'Software\Kazaa\Transfer'
Found '' in 'Software\KaZaA\CloudLoad'
Found '' in 'Software\KaZaA\ConnectionInfo'
Found '' in 'Software\KaZaA\LocalContent'
Found '' in 'SOFTWARE\Classes\.xmfg'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\Control'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\InprocServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{21F16767-8DA7-4113-BEB0-F161B313407F}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{B666CF5A-B50A-49E4-8354-37AC595C5B7E}'
Found '' in 'SOFTWARE\Classes\CLSID\{B666CF5A-B50A-49E4-8354-37AC595C5B7E}\InprocServer32'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{6043F8F5-4FBE-47DA-A789-146B02AE6FA0}\1.0\HELPDIR'
Found '' in 'SOFTWARE\Classes\XMIRAGE.XMirageCtrl.1'
Found '' in 'SOFTWARE\Classes\XMIRAGE.XMirageCtrl.1\CLSID'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\LocalServer32'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\MiscStatus'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\MiscStatus\1'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\ProgID'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\ToolboxBitmap32'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\TypeLib'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\Version'
Found '' in 'SOFTWARE\Classes\CLSID\{7E5DA25B-1C13-4B78-837A-B938624EBA41}\VersionIndependentProgID'
Found '' in 'SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF}'
Found '' in 'SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF}\TypeLib'
Found '' in 'SOFTWARE\Classes\Sostatatl.StatHTMLCtrl'
Found '' in 'SOFTWARE\Classes\Sostatatl.StatHTMLCtrl.1'
Found '' in 'SOFTWARE\Classes\Sostatatl.StatHTMLCtrl.1\CLSID'
Found '' in 'SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CLSID'
Found '' in 'SOFTWARE\Classes\Sostatatl.StatHTMLCtrl\CurVer'
Found '' in 'SOFTWARE\Classes\TypeLib\{ED15346E-0AEC-4B72-B23C-ED6F420FCBA7}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{ED15346E-0AEC-4B72-B23C-ED6F420FCBA7}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{ED15346E-0AEC-4B72-B23C-ED6F420FCBA7}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{ED15346E-0AEC-4B72-B23C-ED6F420FCBA7}\1.0\HELPDIR'
Found '' in 'SOFTWARE\morp'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Advanced'
Found '' in 'Software\Kazaa\Channels\DATING'
Found '' in 'Software\Kazaa\Channels\DATING_BROWSE'
Found '' in 'Software\Kazaa\Channels\G_SPOT_BROWSE'
Found '' in 'Software\Kazaa\Channels\ONELOVE_BROWSE'
Found '' in 'Software\Kazaa\Channels\P2P'
Found '' in 'Software\Kazaa\Channels\RSHIPHOP_BROWSE'
Found '' in 'Software\Kazaa\Channels\WEBSEARCH'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'Software\Kazaa\Promotions\Broadband'
Found '' in 'Software\Kazaa\Skins'
Found '' in 'Software\Kazaa\UserDetails'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found '' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\D:\InstallShield\Kazaa\kazaa.exe'
Found '' in 'Software\Kazaa\Channels\EMERGING_ARTISTS_BROWSE'
Found '' in 'Software\Kazaa\Channels\RINGTONECHANNEL_BROWSE'
Found '' in 'Software\Kazaa\Channels\RINGTONECHANNEL_SEARCH'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa'
Found '' in 'SOFTWARE\Magnet\Handlers\Kazaa\Type'
Found '' in 'Software\Kazaa\Channels\SKILLEDGAMES'
Found '' in 'SOFTWARE\Classes\CLSID\{EEECA057-AD0F-44A7-8BE5-8634CEDBDBD1}\InprocServer32'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchsquire.com'
Found 'Tmp' in 'Software\Kazaa'
Found 'Status' in 'Software\Kazaa\Advanced'
Found 'BBDbLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc' in 'Software\Kazaa\Promotions\Broadband'
Found 'NullImageLoc2' in 'Software\Kazaa\Promotions\Broadband'
Found 'b' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b0seconds' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\in'
Found 'b1' in 'SOFTWARE\Kazaa\Bandwidth\out'
Found 'DatabaseDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'Date' in 'Software\Kazaa\Settings'
Found 'DownloadDir' in 'SOFTWARE\Kazaa\LocalContent'
Found 'UseCount' in 'Software\Kazaa\Settings'
Found 'NoUploadLimitWhenIdle' in 'Software\Kazaa\Transfer'
Found 'FirewallStatus' in 'SOFTWARE\Kazaa'
Found 'ListenPort' in 'SOFTWARE\Kazaa'
Found 'my_ip_address' in 'SOFTWARE\Kazaa'
Found 'network_config' in 'SOFTWARE\Kazaa'
Found 'Tmp' in 'SOFTWARE\Kazaa'
Found 'UDP_probe_successes' in 'SOFTWARE\Kazaa'
Found 'UDP_receive_status' in 'SOFTWARE\Kazaa'
Found 'time' in 'SOFTWARE\Kazaa\Bandwidth\LastEstimate'
Found 'ShareDir' in 'SOFTWARE\Kazaa\CloudLoad'
Found 'KazaaNet' in 'SOFTWARE\Kazaa\ConnectionInfo'
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\morpheus'
Found 'Declw.dll' in 'C:\Program Files\WINDOWS\SYSTEM'
Found 'Decln.dll' in 'C:\Program Files\WINDOWS\SYSTEM'
Found 'Decln.dll' in 'D:\WINDOWS\system32'
Found 'Declw.dll' in 'D:\WINDOWS\system32'
Found 'kmd2.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd3.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd4.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd5.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd6.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd7.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd8.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found 'kmd9.tmp' in 'D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp'
Found '' in 'D:\Program Files\morpheus'
Found 'Audio - The Honey Palace Album.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Alternative Rock.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Barrington Levy.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Electronica.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Fine Arts Militia Album.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Hip Hop.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Jazz.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Pop Rock.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - R&B.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found 'Audio - Reggae.kpl' in 'E:\Program Files\Ares\My Shared Folder\My Shared Folder'
Found '' in 'F:\Program Files\Kazaa'
Found '' in 'F:\Program Files\Kazaa\Db'
Found 'dmo4-040126.cab' in 'F:\Program Files\Kazaa\Db'
Found 'ctx4-040218.cab' in 'F:\Program Files\Kazaa\Db'
Found 'Audio - Alternative Rock.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Electronica.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Folk.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Hip Hop.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Pop Rock.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - R&B.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - The Honey Palace Album.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Barrington Levy.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Fine Arts Militia Album.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Funk.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Jazz.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Public Enemy Revolverlution Album.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Found 'Audio - Reggae.kpl' in 'F:\Program Files\Kazaa\My Shared Folder'
Finished Scanning

I actually removed Kazaa from my system ages ago, so I was surprised so many Kazaa entries came up.
I fixed most of the entries, but there was something called Media Forge Inc (18 entries), and when I was going to fix them the program said that they weren't necessarily a threat and was I sure I wanted to remove them, so I left them for the time being. If you have any idea about those please let me know.
The Centinel VxD end program still came up, and when I restarted the computer a couple of times it had a window saying:
Generic Host Process for Win 32 Services encountered a problem and needed to close.

The other strange thing is whenever I try to delete my temporary internet files and offline content the computer freezes in IE and I have to exit and end the program completely.
Also I am not 100% sure how to delete the temporary files on my computer like you suggested; could you please be more specific?
The other weird thing is my disk space on D:\ seems to be suddenly super full and I am not sure how that happened. I also found in the Add or Remove Programs in the Control Panel a program called Java runtime environment, which I can never remember downloading, and it was 130MB. I have removed it from the list and the PC is working fine, no noticeable changes, but it was a bit weird to see it on the list.
Thanks for your attention. I took quite a long time to get back to you, so I hope you look at my thread again :)

Edited by Nick Evan: Fixed formatting

0

Here are a few more things you can do to help clean up your system:

Go to Add/Remove Programs in the Control Panel and remove Kazaa (if you haven't already), and then get Kazaabegone to remove all remnants of kazaa:
http://www.spychecker.com/program/kazaagone.html

Before running Kazaabegone, download LSPfix from:
http://www.computercops.biz/downloads-file-334.html (the process of getting rid of Kazaa sometimes messes up the internet connection and this will allow you to restore it).

Run Kazaabegone; if your internet connection is lost, start LSPfix.
On the opening screen, click the "I know what I'm doing" checkbox. Then click Finish.
That will restore all previous settings.

For every User listed under C:\Documents and Settings, delete the entire contents of these folders (not the folders themselves; if you can't do it while in 'normal' mode, boot into Safe Mode):

Local Settings\Temp
Cookies
History
Local Settings\Temporary Internet Files\Content.IE5

Delete the entire contents of your C:\Windows\Temp folder.

Delete the entire contents of your C:\Temp folder (if you have one).

Do a search for *.tmp and delete all entries found.

(Note: if any of these temporary files cannot be deleted while in ‘normal mode,’ try Safe Mode.)

Try CounterSpy, you can get it from here:

http://www.download.com/3000-8022_4-10337358.html

It has a 15-day free trial which will be plenty of time to get your system cleaned up, or you can purchase it for $20 (US). After you download it, install it; when asked for a registration number, just click next.

Before scanning the first time, make the following adjustments to the settings:

CounterSpy Settings

At the very top, click on File, and then Check for updates
When it’s finished updating, click the ‘Close’ button

Under ‘Spyware Scan’ on the left, click on ‘Run a spyware scan’
In the left pane, click on ‘Scan Options’
Mark ‘Full system scan’
Check all boxes under ‘Full system scan,’ including ‘Save these options’
In the right pane, near the bottom, click ‘Manage Schedule’
On the left side, select your preferred schedule options
On the right side, under ‘Scheduled Scan Options,’ check:
‘Always run a deep scan’
‘Automatically remove spyware cookies’
Click the ‘Update Schedule’ button

At the top, click on ‘System Tools’
Double-click on ‘History Cleaner’
Check the following options (if they are not grayed-out):
‘Internet Explorer History’
‘Internet Explorer Cookies’
‘Kazaa’
‘Temporary Internet Files’
Review the list for any other ‘History’ items you wish to clean
At the bottom, click ‘Remember checked’
Click on the ‘Clean History’ button
Click the ‘Yes’ button, and then the ‘OK’ button

Click ‘Back’ at the top
Double-click ‘My PC Checkup’
Click the ‘Start’ button
In the first part of the list, uncheck everything up to any ActiveX entries; the entries you uncheck can be checked later, individually, to ensure they won’t interfere with your browsing habits (for maximum protection, however, you may leave them all checked)
Leave all ActiveX entries checked
In the second part of the list ‘(Items already changed below…),’ leave all entries checked
Click the ‘Continue’ button
Click the ‘OK’ button

At the top, click ‘Spyware Scan’
On the right side, click the ‘Scan Now’ button
This will take a while depending on the size of your drive(s), number of files, CPU, etc. (40 minutes on my computer)
When the scan is complete, use the drop-down arrow next to each entry and select ‘Remove’ (if you see any entries that you think you may wish to keep, ‘Ignore’ them for now and post them for recommendations)
Select ‘Create restore point’ if you want CounterSpy to create a Windows XP System Restore point
At the bottom, click ‘Take Action’
Click the ‘Close’ button and exit the program

Empty your Recycle Bin.

Reboot, close all browser windows, scan with HJT, and post a new log please.

0

Additional notes... Be sure CounterSpy (should you decide to try it) and Kazaabegone scan all drives (C, D, E, and F); and clear the temp folders for each of those drives as well (not just the C drive as stated in my prior post).

An example of the path to a temp folder would be:
D:\Documents and Settings\Mr.Alvandi\Local Settings\Temp
Delete the entire contents of the Temp folder, but not the folder itself (make sure you have your system set to show 'Hidden files and folders').

0

I am sorry if I am being a bit dumb but how do I locate the temp folder to delete the contents?
I can't find them to delete them please be more specific.

0

You need to have your system set to Show hidden files and folders

Click Start

Open My Computer

Select the Tools menu and click Folder Options

Select the View tab

Under the Hidden files and folders heading select Show hidden files and folders

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm

Click OK

(Again, you may need to do this on each drive)

0

OK I did that show hidden files and folders that you said but I still couldn't find the Temp folder, am I being totally >>>>

0

The Temp folders are definitely there, and the instructions dlh6213 posted are pretty specific, so you must be missing something.

Are you able to see the D:\Documents and Settings\Mr.Alvandi\Local Settings folder, or is that not even visible?

0

Thanks for the reply.
OK I found the temp files but I could only find them on disk D and the folder was empty anyway.
I did notice a whole bunch of hidden files named FOUND.000 through to FOUND.016 on disk D; I'm not sure if these are normal.
This other weird thing called Spooler logs keeps reappearing on my disk D too. I don't know what it is; it looks like a style sheet, it's in HTML anyway.
The Centinel V x D end program is still coming up. I'm going to download CounterSpy as recommended and I'll get back with the results afterwards.
Thanks again for your kind attention and advice :)

0

Thanks for the reply.
OK I found the temp files but I could only find them on disk D and the folder was empty anyway.

There's more than one Temp/Temporary folder on XP systems, as dlh6213 pointed out in one of his previous posts; you should make sure to empty the contents of all such folders he mentioned.
In terms of the question of things being on the D: drive, your log does seem to indicate that the installation of Windows you're booted into is indeed on that drive. Can you give us a little more info on your system's layout in that regard?

I did notice a whole bunch of hidden files named FOUND.000 through to FOUND.016 on disk D; I'm not sure if these are normal.

Those are created by the disk/file checking program that Windows runs after it recovers from serious crashes; the files contain "rescued" data from some of your programs and/or files that got corrupted during the crashes. Keep them around for now, because they may contain data that you might need to restore; they can be deleted later if you determine that none of your critical data was damaged by the crashes.


This other weird thing called Spooler logs keeps reappearing on my disk D too. I don't know what it is; it looks like a style sheet, it's in HTML anyway.

Spool or spooler references are usually related to printing, and would be automatically generated if that's the case. It's probably nothing to worry about, but if you can post a sample of the contents of one of the logs we might be able to tell you more.

0

OK when I open the hidden files and folders and show the operating system files on my PC I can't find documents and settings folders on any other drives except for D:\
In the D:\ docs and settings there is a hidden Local services folder and within this there is a local settings folder which has the TEMP folder in it, the contents are empty.
Inside the documents and settings folder there are 8 folders, these are normally UN-hidden.
Within each of these 8 folders there is a local settings folder which have the TEMP folders inside.
Some of them are already empty or have next to nothing in them (Temporary Internet Files etc.)
But the folder which is named Alan Kala on D:\ has a TEMP folder with 42MB + of stuff in it
Shall I delete everything inside this folder?
So it seems all the TEMP folders on my P/C are on my D:\ within these 8 folders.
They definitely don't seem to be present on any other of the hard drives. I am not sure if this is normal.
Should I delete the contents of all of these TEMP files within these 8 folders?
My computer crashed 2 times today as well, unfortunately

0

To answer your question, yes, you should delete the contents of all temp folders (but not the folders themselves).

But it doesn't sound like you're still finding all of the temp folders. When you go to your D drive, and open the 'Documents and Settings' folder, you should see folders in there for every user on your computer (from what I can gather from your prior posts, there should at least be Administrator, Mr.Alvandi, and possibly Alan Kala).

When you open each of these folders, you should see 'Local Settings' and within that folder you should find 'Temp' and 'Temporary Internet Files' folders.

For each user, you want to delete the contents of the 'Temp' folder completely; in the 'Temporary Internet Files' folder, there should be a 'Content.IE5' folder, and you should delete the contents of that as well.

Also on your D drive, go to the Windows folder, find the Temp folder, and delete the contents.

It's possible you may have a Temp folder directly on your D drive as well, if so, empty it too.

If any files cannot be deleted (because they are 'in use' or whatever), try booting into Safe Mode and removing them.

If you have XP Home Edition, you may need to boot into Safe Mode, and log on as Administrator, to access the Administrator files.

And don't forget to do the search for *.tmp and delete those files too.

Do you have any operating systems installed on your other drives? What are the other drives used for, just data storage?
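The folder hunt described in the cleanup posts above can be scripted so that nothing depends on Explorer's hidden-file settings. The following is an added example, not part of the original thread: it lists the per-user and per-drive folders named in the posts, reports how much each holds, and can empty a folder while keeping the folder itself. The function names and the dry-run default are choices made for this example.

```python
import os
import sys
from pathlib import Path

# Per-user folders named in the thread, relative to each profile folder.
PER_USER = [("Local Settings", "Temp"), ("Cookies",), ("History",),
            ("Local Settings", "Temporary Internet Files", "Content.IE5")]
# Folders named in the thread that sit directly under the drive root.
PER_DRIVE = [("WINDOWS", "Temp"), ("Temp",)]

def find_cleanup_folders(drive_root):
    """List the cleanup folders that actually exist under one drive root."""
    root = Path(drive_root)
    candidates = [root.joinpath(*parts) for parts in PER_DRIVE]
    profiles = root / "Documents and Settings"
    if profiles.is_dir():
        for profile in sorted(p for p in profiles.iterdir() if p.is_dir()):
            candidates += [profile.joinpath(*parts) for parts in PER_USER]
    return [c for c in candidates if c.is_dir()]

def folder_size(folder):
    """Total size in bytes of all files below folder, hidden ones included."""
    total = 0
    for dirpath, _dirs, files in os.walk(folder):
        for name in files:
            try:
                total += os.path.getsize(os.path.join(dirpath, name))
            except OSError:
                pass  # file vanished or is unreadable
    return total

def empty_folder(folder, dry_run=True):
    """Delete a folder's contents but keep the folder itself.

    Returns (removed, locked); locked entries are the ones to retry from
    Safe Mode. With dry_run=True nothing is deleted.
    """
    removed, locked = [], []
    for dirpath, dirs, files in os.walk(folder, topdown=False):
        jobs = [(f, os.remove) for f in files] + [(d, os.rmdir) for d in dirs]
        for name, delete in jobs:
            path = os.path.join(dirpath, name)
            try:
                if not dry_run:
                    delete(path)
                removed.append(path)
            except OSError:
                locked.append(path)  # in use or not empty
    return removed, locked

if __name__ == "__main__":
    # Usage: python cleanup.py D:\ E:\   (report only; nothing is deleted)
    for drive in sys.argv[1:]:
        for folder in find_cleanup_folders(drive):
            print(f"{folder_size(folder):>12,} bytes  {folder}")
```

Run it once per drive root; the report shows which profiles still hold temp data before anything is removed.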

0

Thanks for replying to my posts.
The operating system is on D:\, as far as I know the other drives are for storage.
I downloaded the CounterSpy and followed the previous instructions and I have emptied my Temp files, please see my HJT log:
Logfile of HijackThis v1.99.0
Scan saved at 8:21:38 PM, on 4/7/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Winamp3\winampa.exe
D:\WINDOWS\SYSTEM32\Mounter.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE
F:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
F:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
D:\WINDOWS\system32\ctfmon.exe
F:\WinZip\WZQKPICK.EXE
E:\ZIPPED\SpySub.exe
D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\WebProxy.exe
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [Mustek MDC 3000] D:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [THGuard] "D:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [sunasDTServ] F:\Program Files\Sunbelt Software\CounterSpy Client\sunasDTServ.exe
O4 - HKLM\..\Run: [sunasServ] F:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: WinZip Quick Pick.lnk = F:\WinZip\WZQKPICK.EXE
O4 - Global Startup: SpySubtract.lnk = E:\ZIPPED\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O9 - Extra button: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @D:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Panda Firewall Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Firewall\PavFires.exe
O23 - Service: Panda Function Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavFnSvr.exe
O23 - Service: Panda Pavkre - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
O23 - Service: Panda PavProt - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PavProt.exe
O23 - Service: Panda Process Protection Service - Unknown - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\pavsrv51.exe
O23 - Service: Panda Preventium+ Service - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\prevsrv.exe
O23 - Service: Panda IManager Service - Panda Software Internacional - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\PsImSvc.exe

Hopefully after these steps everything will be cool. Thanks for everything again :)
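HijackThis logs like the one in the post above follow a regular layout: a list of running processes, then entries prefixed with a section code such as F2, O4 or O23. The following is an added example, not part of the original thread and not HijackThis's own code: it groups entries by section code, lists which drive letters appear (relevant to the earlier advice to scan every drive), and pulls out entries marked "(file missing)" and startup entries given without a full path. It is a review aid and makes no judgement about whether an entry is malicious; the function and key names are choices made for this example.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the page).
SAMPLE_LOG = r"""Running processes:
D:\WINDOWS\system32\svchost.exe
F:\Program Files\Sunbelt Software\CounterSpy Client\sunasServ.exe
E:\ZIPPED\SpySub.exe
C:\unzipped\hijackthis\HijackThis.exe

F2 - REG:system.ini: UserInit=D:\WINDOWS\regedit /s D:\pav.reg,D:\WINDOWS\system32\pavdr.exe,D:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - Global Startup: SpySubtract.lnk = E:\ZIPPED\SpySub.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - D:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE (file missing)
O23 - Service: Panda Pavkre - Unknown - D:\Program Files\Panda Software\Panda Titanium Antivirus 2005\Pavkre.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # section code, then detail
DRIVE = re.compile(r"\b([A-Za-z]):\\")           # drive letter of a full path

def parse_hjt(text):
    """Split a log into (running processes, {section code: [entries]})."""
    processes, entries, in_procs = [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        match = ENTRY.match(line)
        if match:
            in_procs = False
            entries[match.group(1)].append(match.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
    return processes, dict(entries)

def summarize(text):
    """Structure the log for review; this does not classify entries."""
    processes, entries = parse_hjt(text)
    flat = [e for items in entries.values() for e in items]
    drives = {d.upper() for line in processes + flat for d in DRIVE.findall(line)}
    return {
        "counts": {code: len(items) for code, items in entries.items()},
        "drives": sorted(drives),
        "file_missing": [e for e in flat if e.endswith("(file missing)")],
        "startup_without_path": [e for e in entries.get("O4", [])
                                 if not DRIVE.search(e)],
    }

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(key, value)
```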

0

There are no indications of malicious infections in your log.

Are you still experiencing any of the problems?

0

I think it is Ok I will post again if anything comes up.
Thanks for all your help :)

0

OK, good. Test-drive the system for a while and let us know if anything abnormal crops up.
