
It Killed Panda and svchost !


#16
steveAA

Topic Starter

I have the HJT file and checked the "start up" parts.
I was able to restore the avldr Panda file, so I think all's well there.
I've deleted the 2 Symantec files. I had deleted Symantec on Control Panel and these two files showed up, so I did delete them after this listing. I'm trying to remove the AS and AV extra files I don't need.

Another thing. The PC Mighty Max program, I deleted with Control Panel. I deleted both it and SpyBot and restarted. Both still show up in Program Files with full files? I'm happy to delete them, but I thought the Control Panel remove would do that. At any rate, it doesn't look like the "Change/Remove" portion of Control Panel is doing its thing.

I'm not getting any pop-ups and that's good.

I'm traveling this afternoon and won't be able to work on the computer for a couple of days, but I'll probably check the posts.

Here's the last HJT.


Logfile of HijackThis v1.99.1
Scan saved at 10:51, on 07-01-29
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\America Online 9.0\waol.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\program files\common files\aol\1155058514\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\common files\aol\1155058514\ee\aolsoftware.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ASM] C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe HIDEMAIN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154467452281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166219201234
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

Edited by steveAA, 29 January 2007 - 11:39 AM.


#17
Blender

Malware Expert

Hi

By the looks of your HJT log, that O20 line for Panda's avldr did not get restored properly.
This sometimes happens when HijackThis is moved after fixing things.
No biggy. We can make a reg fix to restore it. Worst case, we'll uninstall Panda & re-install it.

When you get back, please do me the startuplist log I asked for in post #15.
I really want to see this log cus I want to have a look at installed services/drivers.

PC MightyMax....
Some programs don't uninstall so well. Not because of a Windows Add/Remove Programs issue but an issue with the program's uninstaller itself. Some really do a dirty job of uninstall.
Go ahead and delete the PC MightyMax folder itself.

No more popups = good.

See ya when you get back :whistling:

#18
steveAA

Topic Starter

Thanks for the help. I'm back from the trip. Deleted Mighty Max. I've attached the latest HJT and I checked the start up boxes.
Funny thing I just found is that the Playlists that were on media player are gone. It's like they were all deleted. mmm Not a big deal but a question. System has been running OK except long start ups.
Here's HJT.
Logfile of HijackThis v1.99.1
Scan saved at 21:42, on 07-01-31
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\program files\common files\aol\1155058514\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
c:\program files\common files\aol\1155058514\ee\aolsoftware.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Documents and Settings\All Users\Application Data\AOL\C_America Online 9.0\OptScan.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ASM] C:\Program Files\AOL\Active Security Monitor\ASMonitor.exe HIDEMAIN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safe...wlscbase969.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154467452281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166219201234
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe

#19
Blender

Malware Expert

Hi

Hope the trip went well :whistling:

Good to see that Panda entry restored.

Not sure what to say about the playlists disappearing 'cept the possibility that one of your antispyware apps has an aggressive history cleaner and it also cleared playlists. (generally in the program's "system tools" or similar)

Slow start......

You have several antimalware apps running resident.
It should be alright to have em all installed but having them all run resident will slow things down considerably and most likely cause conflicts. Much like running more than one AV or firewall.

I would disable AOL's scanner so it does not run at boot. If you need to scan with it you should be able to access this manually.
I don't have AOL so am unsure exactly how to get to its options.

This should help:

http://www.daniweb.c...t107290-10.html

I would not go as far as making AOL's files read-only but certainly do disable the scanner.
Disable its scheduled task as well through the program interface.

Your choice what antispyware you want to run resident.
I think your Panda has antispyware. If it was me I would choose this because then you have one "main" app to "play with" (the whole suite of av, fw, as)

SuperAntispyware does not have a whole lot of resident running but I would disable it from running at startup (from within the program's options if possible)

Should be able to tell Spyware Doctor not to load at boot. (from within spyware doctor's options)

All those apps you can run manually as needed.
Did you purchase Spyware Doctor? meaning it is not a trial app?

Let me know if cutting back on some of these apps helps any.

Thanks :blink:
  • 0
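Added example, not part of either poster's message: Blender's reading of the two logs (the O20 avldr line missing on 29 January, present on 31 January) can be reproduced by diffing the logs mechanically. The log text below is a shortened excerpt of the two logs posted in this thread; the function names are this example's own.

```python
import re

# Entry lines look like "O20 - Winlogon Notify: avldr - C:\...": a section
# code (R0-R3, F0-F3, N1-N4, O1-O24), " - ", then the entry text.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Excerpts of the 29 January and 31 January logs from the thread, cut down
# to a few lines each so the example stays short.
LOG_JAN_29 = r'''Logfile of HijackThis v1.99.1
Scan saved at 10:51, on 07-01-29

Running processes:
C:\WINNT\system32\winlogon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\America Online 9.0\waol.exe

O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0\AOL.EXE" -b
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
'''

LOG_JAN_31 = r'''Logfile of HijackThis v1.99.1
Scan saved at 21:42, on 07-01-31

Running processes:
C:\WINNT\system32\winlogon.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Windows Media Player\wmplayer.exe

O4 - HKCU\..\Run: [Spyware Doctor] C:\Program Files\Spyware Doctor\swdoctor.exe /Q
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
'''


def parse_log(text):
    """Split a log into its running-process list and its R/F/N/O entries.

    Keys are case-folded because the logs show the same path in differing
    case (c:\\program files\\... and C:\\Program Files\\...).
    """
    processes, entries, in_processes = {}, {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
        elif in_processes and not line:
            in_processes = False          # a blank line ends the process list
        elif in_processes:
            processes[line.casefold()] = line
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries[line.casefold()] = (m.group("code"), m.group("body"))
    return processes, entries


def diff_logs(old_text, new_text):
    """Report what appeared and what disappeared between two scans."""
    old_p, old_e = parse_log(old_text)
    new_p, new_e = parse_log(new_text)
    return {
        "entries_added": [v for k, v in new_e.items() if k not in old_e],
        "entries_removed": [v for k, v in old_e.items() if k not in new_e],
        "processes_started": [v for k, v in new_p.items() if k not in old_p],
        "processes_gone": [v for k, v in old_p.items() if k not in new_p],
    }


if __name__ == "__main__":
    for change, items in diff_logs(LOG_JAN_29, LOG_JAN_31).items():
        for item in items:
            print(change, item)
```

Every added O4, O20 or O23 line is something that loads at logon or boot, so those are the lines to account for first when comparing scans.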

#20
steveAA

Topic Starter

Boy, Blender, you've helped a lot. I stopped several startup programs and Windows does start faster, and I seem to be running almost like normal.

Spyware Doctor is the trial program. I scan with it and use its results to correct things manually or compare the others. It actually finds a few things that Panda doesn't. Out of all the various programs I tried, I believe Panda does a great overall job. I've started uninstalling the AS and AV's as each time I check behind it, it's pretty clean. Panda cleans up behind Norton and several others big time!

I also used Registry Mechanic, a trial also, and everything is manual, so it's careful time. Which brings a registry question up. Under HKCU/ M/Win/CU/Internet settings/zone map/Domains I found a long list of bad looking web sites that I know I didn't visit. How do they get there? Is that a history listing? How much can be deleted? RM listed one as a dialer to be deleted and when I looked it up I was surprised to see all the others. NOTE: Are a listing from "Zonedout" a program that is to block these sites. Is that right?

I finally stopped AOL's Spyzapper at start up. If you don't have the desktop icon for it, it's tough to navigate to. AOL also has a disguised security program called Active Security Monitor which when uninstalled isn't fully gone so I had to delete another folder in Program Files.

I think we've satisfied what we originally started to do and taken care of all the malware and hiccups. I still have my concerns about correct registries, but I'll keep learning and post a new topic later.
If you agree, we can close off. You've been fantastic :whistling: and taught me a lot, not to mention fixed what we started.

Edited by steveAA, 01 February 2007 - 05:31 PM.


#21
Blender

Malware Expert

Hi

Great to hear things are running better.

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains...

Those should be all the restricted sites added to your Internet Explorer.
If you click on one of the "sites"; in the right panel should show * REG_DWORD 0x00000004(4)

4 means restricted.
2 means trusted

If they are set at 4 then you are fine.

Don't have to check each one...
Easier way to do this.

Open Internet options in control panel
Click "security" tab
Highlight "trusted"
Click "sites" if available..
Anything you don't trust in there?

Now highlight the "restricted" tab> sites> see em all listed?
There is like a ton of em in there. :whistling:

"Zonedout" is a program that adds sites to your restricted zone for IE.
Restricted does not mean blocked but does limit what a site is allowed to do.

Java, ActiveX, Scripting, etc. are not allowed to run.
If these can't run then your chance of getting infected is greatly reduced.

Do note that there are sometimes minor conflicts with these different antimalware programs seeing the protections others have added and falsely detecting them as threats.
This being said...do continue to research & ask if not sure why one of these programs wants to remove stuff.

We can delete the tools we used.

Combofix.exe
combofix.txt
lsa.txt
Inspect.zip
Inspect.bat

Since the HJT log is clean, here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://www.geekstogo...;page=How_did_I
http://boards.cexx.o...x.php?topic=957
http://russelltexas....re/allclear.htm
http://forum.malware...wtopic.php?t=14
http://www.bleepingc...topict2520.html
http://cybercoyote.o...not-admin.shtml

Happy surfing!
Keep well & safe.

I'll keep the topic open for a couple days.
Do come back in a couple days and let me know if all is still well.

Blender.
  • 0
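Added example, not part of Blender's post: rather than clicking through each site, the Zone Map\Domains key can be exported from regedit and checked in one pass, listing every host by zone and singling out anything that is not Restricted (4). The sample export and its host names are constructed placeholders; zone numbers other than the 2 and 4 named in the post are Internet Explorer's standard numbering.

```python
import re
from collections import defaultdict

DOMAINS_KEY = (r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\Zone Map\Domains")

# Internet Explorer security zone numbers; the post names 2 and 4.
ZONES = {0: "My Computer", 1: "Local intranet", 2: "Trusted sites",
         3: "Internet", 4: "Restricted sites"}

# Constructed sample of a regedit export of the Domains key. A real
# "Version 5.00" export is UTF-16, so open it with encoding="utf-16".
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains\dialer-site.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains\popup-ads.example]
"*"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains\tracker.example]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains\tracker.example\cdn]
"http"=dword:00000004

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zone Map\Domains\free-toolbar.example]
"*"=dword:00000002
'''

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<data>[0-9a-fA-F]{8})$')


def parse_zone_map(reg_text):
    """Return (host, scheme, zone) for every value under the Domains key.

    A subkey below a domain is a subdomain: Domains\\tracker.example\\cdn
    is cdn.tracker.example. The value name is the scheme ("*" = all).
    """
    prefix = DOMAINS_KEY.casefold() + "\\"
    entries, host = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            if path.casefold().startswith(prefix):
                labels = path[len(prefix):].split("\\")
                host = ".".join(reversed(labels))
            else:
                host = None               # the Domains key itself, or unrelated
            continue
        value = VALUE_RE.match(line)
        if value and host:
            entries.append((host, value.group("name"),
                            int(value.group("data"), 16)))
    return entries


def hosts_by_zone(entries):
    """Group host names by zone number."""
    grouped = defaultdict(set)
    for host, _scheme, zone in entries:
        grouped[zone].add(host)
    return {zone: sorted(hosts) for zone, hosts in grouped.items()}


def not_restricted(entries):
    """Entries in any zone other than Restricted (4), for a manual look."""
    return sorted((host, scheme, ZONES.get(zone, "unknown zone %d" % zone))
                  for host, scheme, zone in entries if zone != 4)


if __name__ == "__main__":
    parsed = parse_zone_map(SAMPLE_REG)
    for zone, hosts in sorted(hosts_by_zone(parsed).items()):
        print(ZONES.get(zone, zone), len(hosts), "host(s)")
    for finding in not_restricted(parsed):
        print("review:", finding)
```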

#22
steveAA

Topic Starter

Everything IS much better, and thank you very much. You are GREAT! The desktop comes up faster also. AOL is acting funny and seems to drop offline more often since I deleted the "Active Security Monitor", and I suspect that's the reason.

I can start a new topic elsewhere, but a simple question is how can I "Check my Windows 2000 system to make sure everything is as it should be?" Is there a scan and repair on Microsoft's website or something similar that will tell or list if something's amiss?

Edited by steveAA, 12 February 2007 - 11:51 AM.


#23
Blender

Malware Expert

Hi

Glad things are running good.
Possibly uninstalling Active Security Monitor did not reset something correctly.
Shouldn't affect it though really...
All it is is just an app that monitors your "security level"
If AV is installed, running & up to date,
If firewall is installed/running
General PC security settings
Several other things.
If it thinks something is lacking, reducing security, it tells you and gives suggestions to fix.

More info:

http://free.aol.com/...p?promo=808524#

Click the MORE INFO & SYSTEM REQUIREMENTS link at bottom of page. (it's a popup info page)

I don't think I would bother with it since there should be a "security center" bundled with your Panda suite.

You mentioned you stopped several startup programs?...how did you do this? What did you disable?

There is an online "system safety" scanner you can use.

http://onecare.live....-us/default.htm

It uses ActiveX and you will have to install it to run the scan.

Checks several things..
Scans for malware, disk fragmentation, temp files, registry items pointing to nonexistent programs.

Generally I don't let it fix my registry.

I would also check with windows update to make sure you got all critical updates installed.

#24
steveAA

Topic Starter

Thanks again. I'm having trouble running Live Scan. At first I had to disable Active X and it still showed the balloon of can't install due to my settings. I logged out of AOL and ran IE, and shut down Panda. Finally got to a download and it said, "The procedure entry point Trace/Message could not be located in the DLL AdVAP132.dll". Never could get it to scan and I think that's where some of my problems are. I now don't really remember where I had set the Internet settings for active scripting, etc and now am on medium default security.
Panda then had an error, which bothered me, and it said to restart. It's always been good, but this made me nervous. The restart took forever and at shutdown I had to close "Centinel VxD" and I've never heard of it. I hope it's part of the download, or partial download of the Live Scan. Due to the funny's, I ran a HJT and here it is. The very first R-1 listing makes me think the LiveScan was corrupted in download.
Logfile of HijackThis v1.99.1
Scan saved at 17:45, on 07-02-13
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\AVENGINE.EXE
c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE
C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
C:\WINNT\system32\sistray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
c:\program files\panda software\panda antivirus + firewall 2007\WebProxy.exe
C:\program files\common files\aol\1155058514\ee\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\WINNT\system32\wuauclt.exe
C:\HJT\HijackThis.exe
C:\WINNT\system32\taskmgr.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1155058514\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
O4 - HKLM\..\Run: [Colorific Control Panel] C:\PROGRA~1\SONNET~1\COLORI~1\PROGRAM\HGCCTL95.EXE
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - Global Startup: HPAiODevice(hp officejet k series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet k series\Bin\hpoorn07.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Utility Tray.lnk = C:\WINNT\system32\sistray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\system32\Shdocvw.dll
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/ocis/OSInfo.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/o...utodetectNT.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1154467452281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1166219201234
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} (SABScanProcesses Class) - http://www.superadbl...ivex/sabspx.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\pavsrv50.exe
O23 - Service: Panda Network Manager (PNMSRV) - Panda Software International - c:\program files\panda software\panda antivirus + firewall 2007\firewall\PNMSRV.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\PsImSvc.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus + Firewall 2007\TPSrv.exe



As for the disabling of the desktop/startup, I uninstalled several of the AS or AV's that I was trying out. I kept SuperAnti SpyKiller, CC cleaner, ATF in case I'd need them in the future. Not sure why, but just my thinking. I disabled them on start up (I think) so I would have to start them manually, although I do have shortcuts.
I've installed all the Windows updates and have Auto-updates operating. Talk to ya soon.

Edited by steveAA, 13 February 2007 - 05:59 PM.
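
Added example (not part of steveAA's post or of any tool used in this thread): a Python triage of the autostart sections (O2, O4, O20, O23) of a HijackThis log, listing entries that still point into the Program Files folder of a product that was uninstalled. The sample lines are copied from the log above; treating Spyware Doctor and Registry Mechanic as removed is an assumption for the demo, and the 8.3 short-name match is a prefix heuristic.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted above (lines copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avldr - C:\WINNT\SYSTEM32\avldr.dll
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
"""

ENTRY = re.compile(r"^(O2|O4|O20|O23) - (.*)$")   # sections that start code automatically
PF_DIR = re.compile(r"[A-Za-z]:\\(?:Program Files|PROGRA~\d)\\([^\\]+)\\", re.I)

def parse_autostarts(log_text):
    """Return (section, program_folder_or_None, raw_line) for each autostart entry."""
    out = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            d = PF_DIR.search(m.group(2))
            out.append((m.group(1), d.group(1) if d else None, line.strip()))
    return out

def same_folder(folder, product):
    """Compare a folder name with a product name, allowing 8.3 short names."""
    if "~" in folder:                      # e.g. SPYWAR~1 for "Spyware Doctor"
        stem = folder.split("~")[0].upper()
        return product.replace(" ", "").upper().startswith(stem)
    return folder.lower() == product.lower()

def leftovers(log_text, removed_products):
    """Map each removed product to the sections that still reference its folder."""
    hits = defaultdict(list)
    for section, folder, _raw in parse_autostarts(log_text):
        for product in removed_products:
            if folder and same_folder(folder, product):
                hits[product].append(section)
    return dict(hits)

if __name__ == "__main__":
    # Assumption for the demo: these two products were already uninstalled.
    print(leftovers(SAMPLE_LOG, ["Spyware Doctor", "Registry Mechanic"]))
```

Entries with no Program Files folder (bare file names such as SOUNDMAN.EXE, or files under C:\WINNT) are skipped by this check and have to be reviewed by hand.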

#25
Blender

    Malware Expert

  • Member
  • 187 posts
  • MVP
Hi

Sorry for not replying sooner. I was up for about 30 hours & had to crash.
Now that I can think straight......

Seems a fair number of people are having issues with "Centinal.vxd". This is part of Panda and not malware.

No definite solution I can find yet. Doing some searching around but you can try the following.

First try disabling the "floppy scan". I don't use Panda so I am unsure exactly how to get there.
Gotta be in scan options somewhere.
Do you even have a floppy drive? If no floppy drive (or you rarely use floppies or never leave them in the drive) you can leave "floppy scan" disabled. You can still have Panda scan stuff on floppies.
I think the floppy scan at boot is so Panda will warn you if you left a floppy in the drive when shutting down system.
Old day virus protection--this was the most common way viruses spread was by infecting a floppy disk and someone leaving the drive in system-- when user rebooted the virus from floppy would install from the bootable floppy.

If no dice disabling floppy scan-- try uninstalling Panda completely then re-installing.

That R1 was likely added by your Panda.
If you are not using Proxy you can undo it like this:

Open Internet Options in control panel
Click "connections" tab.
Under "Lan" click "Lan Settings"
Uncheck "use proxy server..."
Apply & OK settings.

Let me know what happens.

Blender

#26
steveAA

    Member

  • Topic Starter
  • 65 posts
Glad you got some sleep. I've had a few of those EXTRA long days.

I already had unchecked "Scan Floppy Drives on shutdown on Panda" and I checked Internet settings and "Use proxy server" was not activated.
I haven't re-installed Panda yet, but if that's it, I can live with it.
The other funny thing is that today, an AOL scheduled scan found "Trojan Regfish.A" and I blocked it, but it wasn't shown on any other AS. I had disabled the AOL scan on start up, but I guess the scheduled time one still runs.

Interestingly enough all the latest issues have developed after I did 4 things.
1-Updated MS WMediaPlayer 9.0 because it was choppy- Still is and I've reset settings as per their CD1197 error repair. I suspect my broadband server is slow as they have regular issues with that and I've done everything listed on MS self-help for Media 9. OR it could be related to what we've been trying to resolve and

2-Installed the latest MS 2000 security update. The one it says can't be undone once installed.

3-Installed a new driver for HP Kx80xi printer. I'd been using my laptop for all printing. I got the Blue Screen of Death and the next start up and remembered fighting this the last time I reinstalled it. I don't recall how I finally fixed it as it was a year ago. Event viewer says:
The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000000, 0x00000002, 0x00000001, 0x8042c253). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\Minidump\Mini021407-01.dmp.

Started getting the following Code in event viewer.
The following boot-start or system-start driver(s) failed to load: eeCtrl

4- Installed the Windows 2000 auto update and has this message in Event properties. Event viewer said:
Restart Required: To complete the installation of the following updates, the computer will be restarted within 5 minutes:
- Security Update for Windows 2000 (KB928843)
- Windows Malicious Software Removal Tool - February 2007 (KB890830)
- Security Update for Windows 2000 (KB926436)
- Cumulative Security Update for Internet Explorer 6 Service Pack 1 (KB928090)
- Security Update for Windows 2000 (KB918118)
- Security Update for Microsoft Data Access Components 2.5 Service Pack 3 (KB927779)
- Security Update for Windows 2000 (KB924667)
Now I also get this message in Event viewer:

The description for Event ID ( 0 ) in Source ( PNMSRV ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Service started.

More than we planned on, but I see things much better. I followed the "preventing Reinfection" advice but I do have to admit to getting tired of the Warnings about Active scripting and Active X controls. Is Firefox the ultimate solution?

Thanks again and don't lose sleep because of me. I do appreciate your knowledge and I'm learning.

Edited by steveAA, 14 February 2007 - 06:58 PM.

#27
Blender

    Malware Expert

  • Member
  • 187 posts
  • MVP
Hi

The description for Event ID ( 0 ) in Source ( PNMSRV ) cannot be found--- PNMSRV is part of Panda. Its firewall. Looking for info but the 2 sites that seem to have what I want are not working atm.

eeCtrl seems to be a part of Norton. Might have some leftovers from him. This could be source of conflicts.

AOL's scheduled scanner if you want to disable it you can either through AOL itself or disable the task here:

C:\winnt\tasks
Right click the AOL scanner task and disable it. (I'm pretty sure you can do this on 2K)

next thing I wanna see is a bootlog but can't get one without msconfig and 2K does not have that app.
You can use XP's.
Can be downloaded from here:

http://www.techadvic...sconfig_w2k.htm

Slap it in your system32 folder. (make sure it is unzipped)

Click start> run> type msconfig and hit enter.
Click the boot.ini tab.
checkmark /bootlog
Hit Ok and "close"
Go ahead and reboot when told.

When you get the msconfig nag screen at bootup just check the box that says "don't tell me this again" and say OK.

Locate this file and post its contents:

C:\Winnt\ntbtlog.txt

If it's too big to post you can attach it here please.

You remember the location of this that your AOL found? Trojan Regfish.A
If you find the file can you upload a copy here please:

http://www.uploadmalware.com

Username -- SteveAA

URL where requested: link to this thread

Comments -- can put that I asked for the file.

Thanks!

#28
steveAA

    Member

  • Topic Starter
  • 65 posts
The AOL task isn't in the Winnt/task file. In fact it's almost empty.

I didn't find the Regfish.A. The AOL program said it blocked it. I searched, but couldn't find it.

The bootlog was too big. I've attached it. The msconfig download worked well.

Let me know what you see. I believe I saw a bunch of programs that I thought I had deleted.
Thanks again.

#29
Blender

    Malware Expert

  • Member
  • 187 posts
  • MVP
Hi and thanks for the log.

This should get rid of the error you are getting with Norton leftovers.

Download this file and unzip it to c:\winnt\system32

ftp://ftp.microsoft.com/reskit/win2000/sc.zip

Win2K does not have sc.exe to configure services but XP does and 2K does have resource tools for the download.

Now type: cmd and hit enter.
Type this command and hit enter:

sc delete "eeCtrl"

Should get success message.

Reboot and eeCtrl error should be resolved.

Are you getting error messages regarding ATWPKT2.SYS?
It is part of AOL and by the looks of your bootlog it's having issues loading.

Can you check event viewer for errors regarding this?

Start> run> eventvwr (hit enter)

Most likely under "system"
Don't worry about the blue "informational" alerts.
Mostly the red error ones I'm interested in.

Thanks
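
Added example (not part of Blender's post and not the attached log): a Python summary of a boot log such as C:\Winnt\ntbtlog.txt, separating drivers that never loaded from those that failed once and loaded on a later attempt. The sample lines are constructed in the "Loaded driver" / "Did not load driver" line format; the driver paths, including the one used for ATWPKT2.SYS, are illustrative assumptions.

```python
import re
from collections import Counter

# Constructed sample in the ntbtlog.txt line format; driver paths are illustrative.
SAMPLE_BOOTLOG = r"""
Loaded driver \WINNT\System32\ntoskrnl.exe
Loaded driver hal.dll
Did not load driver \SystemRoot\System32\Drivers\ATWPKT2.SYS
Did not load driver \SystemRoot\System32\Drivers\EXAMPLE1.SYS
Loaded driver \SystemRoot\System32\Drivers\example1.sys
Did not load driver \SystemRoot\System32\Drivers\ATWPKT2.SYS
"""

LINE = re.compile(r"^(Loaded|Did not load) driver\s+(.+?)\s*$")

def driver_name(path):
    """Reduce a driver path to a lower-case file name so repeats compare equal."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def summarize_bootlog(text):
    """Return (never_loaded, retried_ok), each mapping driver name to failure count."""
    loaded, failed = set(), Counter()
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue                      # header, timestamp or blank line
        name = driver_name(m.group(2))
        if m.group(1) == "Loaded":
            loaded.add(name)
        else:
            failed[name] += 1
    never = {n: c for n, c in failed.items() if n not in loaded}
    retried = {n: c for n, c in failed.items() if n in loaded}
    return never, retried

if __name__ == "__main__":
    never, retried = summarize_bootlog(SAMPLE_BOOTLOG)
    print("never loaded:", never)
    print("failed, then loaded:", retried)
```

Drivers in the first group are the ones worth matching against "failed to load" errors in the System event log.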

#30
steveAA

    Member

  • Topic Starter
  • 65 posts
I haven't noticed any AOL error issues, but I think you're right as that log looks like it has a lot of ? marks and reloads. But then again, I have to admit that I don't know what to look for. The event viewer shows no AOL errors. However I did discover eeCtl failed to load notices. I considered searching the registry and deleting the Symantec listings, but thought I better be careful. I did delete a Symantec listing then stopped after thinking about it.

Edited by steveAA, 16 February 2007 - 02:22 PM.
