I have been experiencing problem after problem with my computer, and I would really appreciate some sage advice. I don't want to bore you with a bunch of details you don't need, so I'll just say I am losing the battle against malware. The Internet Gods seem to have smiled on me though, and I find myself here.
My thanks in advance for your insight and time.
I am using XP (all updates installed, all instant message programs uninstalled I think)
I use FireFox
I use Panda Internet Security 2005 (trial)
I have followed the steps outlined in "Geeks To Go _ Malware Removal - HiJackThis Logs Go Here _ You Must Read This Before Posting A Hijackthis Log" to the best of my ability.
Specifically, I have run:
the WinSockFix utility
CleanUp!
Ad-aware SE
CWShredder
Spybot S&D (at this point I visited spywarewarrior and uninstalled the adware/malware protection I had been using)
Ewido Security Suite
TrojanHunter
Hijack This
EVERY scan seemed to find something new
I have also run numerous scans with Panda
Here are the logs which I think are requested.
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:09:15 AM, 20/08/2005
+ Report-Checksum: 2C586643
+ Scan result:
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-1004336348-492894223-1957994488-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
:mozilla.6:D:\Documents and Settings\jhgojbgfbf\Application Data\Mozilla\Firefox\Profiles\ba5otgi6.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.7:D:\Documents and Settings\jhgojbgfbf\Application Data\Mozilla\Firefox\Profiles\ba5otgi6.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.8:D:\Documents and Settings\jhgojbgfbf\Application Data\Mozilla\Firefox\Profiles\ba5otgi6.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
D:\System Volume Information\_restore{B32500C8-9991-4AF5-8667-9F48CE777EA0}\RP125\A0035637.dll -> Dialer.Generic : Cleaned with backup
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 10:18:05 AM, on 20/08/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\SYSTEM32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\WebProxy.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\AVENGINE.EXE
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\System32\alg.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\WINDOWS\SYSTEM32\USRshutA.exe
D:\WINDOWS\SYSTEM32\USRmlnkA.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\system32\atiptaxx.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\apvxdwin.exe
D:\Program Files\Netscape Online Accelerator\slipaccel.exe
D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
D:\Documents and Settings\jhgojbgfbf\Desktop\HijackThis.exe
D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\SRVLOAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5401
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [USRpdA] D:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices \Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [QuickTime Task] "D:\WINDOWS\system32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [SCANINICIO] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Inicio.exe"
O4 - HKLM\..\Run: [APVXDWIN] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [THGuard] D:\Program Files\TrojanHunter 4.2\THGuard.exe
O4 - HKLM\..\RunServices: [PANDA ANTISPAM SERVER SERVICE] "D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PasSrv.exe"
O4 - HKCU\..\Run: [slipaccel.exe] "D:\Program Files\Netscape Online Accelerator\slipaccel.exe"
O4 - Global Startup: Netscape Online Accelerator.lnk = D:\Program Files\Netscape Online Accelerator\slipaccel.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...96/mcinsctl.cab
O16 - DPF: {B7E76C25-791F-432E-BDB7-748D01A93FC2} (VacPro.int_ver30) - http://advnt01.com/d...r/int_ver30.CAB
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcaf...,26/mcgdmgr.cab
O23 - Service: Ati HotKey Poller - Unknown owner - D:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Panda Antispam Server Service (PASSRV) - Unknown owner - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PaSSrv.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\Firewall\PavFires.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavFnSvr.exe
O23 - Service: Panda PavProt (PavProt) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PavProt.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - D:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\pavsrv51.exe
O23 - Service: Panda Preventium+ Service (PREVSRV) - Panda Software - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\prevsrv.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software Internacional - D:\Program Files\Panda Software\Panda Platinum 2005 Internet Security\PsImSvc.exe
I am having firewall trouble and am not sure if it is a conflict between my AV protection and windows security center and my browser, or if it is the result of a malware infection, or if I just set something wrong.
Startup is still extremely slow and I do not know if this is due to malware or perhaps if it might just be all the new scanning programs I have installed at your advice.
If I am still infected, If I am not then some advice on which of the programs I DLed are best to buy and how they should be set up to work peacefully and cooperatively together would be awesome.
EDIT:
After surfing for a while and trying a couple of games I am guessing that I am still infected. Things are running pretty slowly.
I have also been getting an error message every time I restart. The error message pops up as soon as I click the restart icon. The title box of the error message says "USRprobdA.exe - DLL Initialization Failed". The error message is "The application failed to start because the window station is shutting down".
I am also being driven crazy by my firewall. Panda can't seem to install it properly as I keep getting an error message stating that an internal error has occurred in a Panda component. Windows Security can't make up its mind whether the firewall is working or not. At some restarts Windows security center seems to think that the firewall is fine and at other restarts security center flashes all kinds of warnings about the Panda firewall being down. I was having the same trouble with the Panda 2005 Titanium trial and so uninstalled it and tried the Platinum 2005 instead. Prior to installing any of the Panda products I was using McAfee security on a trial basis.
I have had this computer connected to the internet for about 3 weeks now and I think these problems might go back that far. I knew I was going to have problems as I needed to connect to the internet to get the upgrades and protection I needed to be safe when connected to the internet. A catch-22, as it were. I thought I would be able to disinfect anything that got through the limited protection I started with. But it has proven to be much more difficult than I remember.
Again, thanks for your time.
END EDIT
Edited by TheoDread, 20 August 2005 - 06:44 PM.