Panda gets disabled
24-05-2010, 03:13 AM
Post: #1
Panda gets disabled
I had a hijacked page, which I thought I had fixed. Then Panda AV was disabled, and start-up takes forever. I suspect a hook in the registry? I've run the DDS tool and pasted the results here. I could also use help to delete Windows Messenger.
Thanks. Rock.

DDS (Ver_10-03-17.01) - NTFSx86 NETWORK
Run by Administrator at 18:00:35.14 on Sun 05/23/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.735.253 [GMT -7:00]

AV: Panda Global Protection 2010 *On-access scanning enabled* (Updated) {8BF935E7-731F-4115-B7A5-789FF5087595}
FW: Panda Personal Firewall 2010 *enabled* {7B090DC0-8905-4BAF-8040-FD98A41C8FB8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\taskmgr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\USER\My Documents\Geekstogo\HiJackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\apvxdwin.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Panda Security\Panda Global Protection 2010\WebProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\dwwin.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: TransactionProtector BHO: {c1656cca-d2ea-4a32-94ae-ae0b180e6449} - TSToolbarBHO
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1008.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Transaction Protector: {e7620c98-fccc-40e5-92ec-c7685d2e1e40} -
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1008.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Games.com Toolbar: {9da1bcf1-77f5-41c5-b7c3-c597dc20752c} - c:\program files\games.com toolbar\gamescomtb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
mRun: [APVXDWIN] "c:\program files\panda security\panda global protection 2010\APVXDWIN.EXE" /s
mRun: [SCANINICIO] "c:\program files\panda security\panda global protection 2010\Inicio.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Driver Fetch] "c:\program files\driver fetch\2.1.0.0\DriverFetch.exe" --start-trayed
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SiSRaid] c:\program files\silicon integrated systems\sisraidpackage\SRaid.exe
mRun: [File Helper] "c:\program files\file helper\1.2.0.1\FileHelper.exe" --start-trayed
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpaiod~1.lnk - c:\program files\hewlett-packard\aio\hp officejet k series\bin\hpoorn07.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {05317530-B882-449D-9421-18D94FA3ED34} - hxxp://www.sis.com/ocis/OSInfo.cab
DPF: {16095503-786F-4097-AED6-5D567A26D760} - hxxp://www.sis.com/ocis/SiSAutodetectNT.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1219101080125
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} - hxxp://www.trendsecure.com/easy_install/_activex/en-US/TSEasyInstallX.CAB
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: avldr - avldr.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: PASShlExt Class: {51c55f9e-c308-4c95-89ab-8858d8afd819} - c:\program files\paretologic\anti-spyware\PASShlExt.dll

============= SERVICES / DRIVERS ===============

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-2-8 159112]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 NETIMFLT01060039;PANDA NDIS IM Filter Miniport v1.6.0.39;c:\windows\system32\drivers\neti1639.sys [2010-2-8 199432]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-2-8 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-2-8 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-2-8 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-2-8 193800]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-2-8 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-2-8 46728]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-26 189736]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-9 135664]
S2 Gwmsrv;Panda Goodware Cache Manager;c:\windows\system32\svchost -k panda --> c:\windows\system32\svchost -k Panda [?]
S2 Panda Software Controller;Panda Software Controller;c:\program files\panda security\panda global protection 2010\PsCtrlS.exe [2010-2-8 173312]
S2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-2-8 84024]
S2 PAVFNSVR;Panda Function Service;c:\program files\panda security\panda global protection 2010\PavFnSvr.exe [2010-2-8 169216]
S2 PavProc;Panda Process Protection Driver;c:\windows\system32\drivers\PavProc.sys [2010-2-8 163336]
S2 PavPrSrv;Panda Process Protection Service;c:\program files\common files\panda security\pavshld\PavPrSrv.exe [2010-2-8 62768]
S2 PAVSRV;Panda On-Access Anti-Malware Service;c:\program files\panda security\panda global protection 2010\PAVSRV51.EXE [2010-2-8 291584]
S2 PskSvcRetail;Panda PSK service;c:\program files\panda security\panda global protection 2010\psksvc.exe [2010-2-8 28928]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 PavTPK.sys;PavTPK.sys;\??\c:\windows\system32\pavtpk.sys --> c:\windows\system32\PavTPK.sys [?]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]

============== File Associations ===============

JSEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBEFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*
VBSFile=c:\progra~1\pandas~1\pandag~1\PavScrip.exe "%1" %*

=============== Created Last 30 ================

2010-05-24 00:32:15 0 d-----w- c:\docume~1\admini~1\applic~1\Office Genuine Advantage
2010-05-24 00:29:35 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-05-24 00:10:00 0 d-----w- c:\docume~1\admini~1\applic~1\Windows Search
2010-05-15 06:19:53 0 d--h--w- c:\windows\PIF
2010-05-15 06:18:42 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-05-14 03:22:01 5 ----a-w- c:\windows\system32\Band4
2010-05-14 03:21:57 7 ----a-w- c:\windows\system32\Class11
2010-04-30 00:43:06 0 d-----w- c:\program files\AOL Games
2010-04-24 08:36:58 0 d-----w- c:\docume~1\alluse~1\applic~1\Panda Software
2010-04-24 07:02:06 0 d-----w- c:\program files\DownloadToolz

==================== Find3M ====================

2010-05-23 23:47:33 336012 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT.bck
2010-05-23 23:47:33 336012 ----a-w- c:\windows\system32\drivers\APPFCONT.DAT
2010-05-22 03:40:03 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG.bck
2010-05-22 03:40:03 1132 ----a-w- c:\windows\system32\drivers\APPFLTR.CFG
2010-05-12 18:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-17 19:41:19 4096 ----a-w- c:\windows\d3dx.dat
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2008-12-29 04:36:32 209816 ----a-w- c:\program files\jre-6u11-windows-i586-p-iftw-k.exe
2008-12-29 04:36:27 607640 ----a-w- c:\program files\jre-6u11-windows-i586-p-iftw.exe
2008-12-29 04:35:09 0 ------w- c:\program files\jre-6u11-windows-i586-p.exe
2008-12-29 04:34:01 1230 ----a-w- c:\program files\jre-6u11-windows-i586-p.exe.sdm
2008-07-14 05:27:42 24439 ----a-w- c:\program files\updatejpegprocessing.docx
2008-07-29 16:44:15 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008072920080730\index.dat

============= FINISH: 18:02:08.46 ===============
24-05-2010, 09:55 AM
Post: #2
RE: Panda gets disabled
Hello Rockadamss! Welcome to Techmonkeys Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:
  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • Instructions that I give are for your system only!
  • If you don't know or can't understand something please ask.
  • Do not install or uninstall any software or hardware while we work on it.

What about Attach.txt?

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
24-05-2010, 09:43 PM
Post: #3
RE: Panda gets disabled
Thanks and I appreciate the help. I checked my mail at work and got your message. I'll download the Attach file tonight.
I did find a file "HDD Hex Editor Neo 4.94" that I know I didn't download, when I checked the Control Panel. When I selected Remove, it started an installation program! I shut it down with Task Manager. Then I found the file in "Documents and Settings". I did delete all of it that I could, but it would not allow me to delete one file, saying it was in use.
Also, there was a file PAV_FOG.opc that has a "bad Microsoft-type logo" on it. I didn't touch it, but suspect it's the virus file that has disabled Panda. I look forward to your help.
25-05-2010, 08:52 AM
Post: #4
RE: Panda gets disabled
Thanks for your note and help. I'm running in safe mode until I know we're fixed. I ran a new DDS and Attach file, as I had deleted some of the HDD Hex Editor Neo 4.94 files before I heard back. Sorry, but I didn't know how long it might take.
Here's the Attach file:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 7/9/2008 2:56:58 AM
System Uptime: 5/24/2010 10:58:36 PM (1 hours ago)

Motherboard: Foxconn | | 661 7MI
Processor: Intel® Celeron® CPU 2.53GHz | Socket 775 | 2534/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 112 GiB total, 26.933 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP236: 2/22/2010 9:05:45 PM - Removed Driver Detective.
RP237: 2/22/2010 9:57:25 PM - DriverFetch restore point
RP238: 2/22/2010 10:02:08 PM - Installed Realtek AC'97 Audio
RP239: 2/22/2010 10:12:25 PM - Installed Realtek AC'97 Audio
RP240: 2/22/2010 10:43:01 PM - Installed Windows XP Wdf01005.
RP241: 2/22/2010 10:50:13 PM - Installed SiSRaidPackage
RP242: 2/23/2010 10:20:15 PM - Software Distribution Service 3.0
RP243: 2/25/2010 5:46:34 PM - Software Distribution Service 3.0
RP244: 2/25/2010 8:42:42 PM - Advanced Registry Optimizer 2010 - Before Installation
RP245: 2/25/2010 8:45:48 PM - ADVANCED REGISTRY OPTIMIZER 2010- FIRST RUN
RP246: 2/26/2010 8:30:34 PM - Removed Microsoft Office Live Add-in 1.3
RP247: 2/26/2010 8:33:11 PM - Removed Windows Live Sign-in Assistant
RP248: 2/26/2010 8:35:17 PM - Removed Windows Live Sync
RP249: 2/28/2010 1:58:17 PM - System Checkpoint
RP250: 3/2/2010 7:02:21 PM - Software Distribution Service 3.0
RP251: 3/2/2010 9:49:44 PM - Advanced Registry Optimizer 2010 Tue, Mar 02, 10 21:48
RP252: 3/2/2010 9:53:23 PM - DriverFetch restore point
RP253: 3/4/2010 3:52:30 PM - Software Distribution Service 3.0
RP254: 3/5/2010 5:42:32 PM - DriverFetch restore point
RP255: 3/5/2010 5:58:37 PM - DriverFetch restore point
RP256: 3/5/2010 6:30:59 PM - DriverFetch restore point
RP257: 3/5/2010 6:49:54 PM - Configured SiSRaidPackage
RP258: 3/5/2010 6:51:17 PM - Installed Realtek AC'97 Audio
RP259: 3/5/2010 7:29:48 PM - DriverFetch restore point
RP260: 3/5/2010 7:43:37 PM - DriverFetch restore point
RP261: 3/5/2010 7:48:05 PM - Installed Realtek AC'97 Audio
RP262: 3/5/2010 8:07:33 PM - DriverFetch restore point
RP263: 3/5/2010 8:10:58 PM - Installed SiSRaidPackage
RP264: 3/5/2010 8:55:30 PM - DriverFetch restore point
RP265: 3/5/2010 9:50:11 PM - DriverFetch restore point
RP266: 3/5/2010 10:46:17 PM - DriverFetch restore point
RP267: 3/7/2010 4:58:07 PM - System Checkpoint
RP268: 3/11/2010 6:19:33 PM - Software Distribution Service 3.0
RP269: 3/11/2010 10:26:14 PM - Software Distribution Service 3.0
RP270: 3/13/2010 12:45:24 PM - System Checkpoint
RP271: 3/14/2010 4:50:16 PM - System Checkpoint
RP272: 3/15/2010 5:07:03 PM - System Checkpoint
RP273: 3/15/2010 10:46:33 PM - Software Distribution Service 3.0
RP274: 3/18/2010 9:44:13 PM - Software Distribution Service 3.0
RP275: 3/19/2010 10:47:58 PM - System Checkpoint
RP276: 3/21/2010 11:58:17 AM - System Checkpoint
RP277: 3/27/2010 9:19:59 AM - Software Distribution Service 3.0
RP278: 3/28/2010 8:31:36 AM - Installed HHD Software Free Hex Editor Neo 4.93
RP279: 3/28/2010 8:59:14 AM - Removed HHD Software Free Hex Editor Neo 4.93
RP280: 3/28/2010 9:01:44 AM - Installed HHD Software Hex Editor Neo 4.94
RP281: 3/29/2010 7:39:26 PM - System Checkpoint
RP282: 3/31/2010 12:58:02 AM - Software Distribution Service 3.0
RP283: 4/1/2010 11:38:41 PM - Software Distribution Service 3.0
RP284: 4/2/2010 5:34:33 PM - Software Distribution Service 3.0
RP285: 4/3/2010 6:42:41 PM - System Checkpoint
RP286: 4/4/2010 7:16:48 PM - System Checkpoint
RP287: 4/8/2010 11:56:59 PM - Software Distribution Service 3.0
RP288: 4/10/2010 12:19:29 AM - System Checkpoint
RP289: 4/11/2010 1:19:23 AM - System Checkpoint
RP290: 4/14/2010 9:54:20 PM - Software Distribution Service 3.0
RP291: 4/16/2010 12:38:22 AM - Software Distribution Service 3.0
RP292: 4/19/2010 2:53:46 PM - Software Distribution Service 3.0
RP293: 4/23/2010 11:03:15 PM - Software Distribution Service 3.0
RP294: 4/29/2010 5:17:39 PM - Software Distribution Service 3.0
RP295: 5/2/2010 2:17:32 PM - System Checkpoint
RP296: 5/3/2010 3:01:44 PM - System Checkpoint
RP297: 5/7/2010 6:23:57 PM - Software Distribution Service 3.0
RP298: 5/8/2010 6:46:21 PM - System Checkpoint
RP299: 5/9/2010 7:07:39 PM - System Checkpoint
RP300: 5/10/2010 5:49:26 PM - Software Distribution Service 3.0
RP301: 5/12/2010 10:22:06 PM - Software Distribution Service 3.0
RP302: 5/13/2010 8:28:37 PM - Software Distribution Service 3.0
RP303: 5/14/2010 9:46:57 PM - System Checkpoint
RP304: 5/23/2010 8:55:01 PM - Installed Java™ 6 Update 20
RP305: 5/23/2010 10:46:46 PM - Removed HHD Software Hex Editor Neo 4.94

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Reader 9.3.2
Advanced Registry Optimizer
ALPS Touch Pad Driver
AOPA's Real-Time Flight Planner 1.2.2
Apple Application Support
Apple Software Update
Ask Toolbar
ATI - Software Uninstall Utility
Canon Photo Effects
Cisco Network Magic
Compatibility Pack for the 2007 Office system
Critical Update for Windows Media Player 11 (KB959772)
Download Updater (AOL LLC)
Driver Fetch
Empress of the Deep - The Darkest Secret
File Helper 1.2.0.1
Fotosizer 1.17
Games.com Toolbar
Google Toolbar for Internet Explorer
Google Update Helper
HHD Software Hex Editor Neo 4.94
Hidden Expedition - Everest (remove only)
Hidden Expedition - Titanic (remove only)
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
hp officejet k series
Index Dat Spy 2.1.0
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 20
Java™ 6 Update 7
Junk Mail filter update
Malwarebytes' Anti-Malware
MemTurbo 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mortimer Beckett and the Time Paradox
MSN Toolbar
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Magic
OGA Notifier 2.0.0048.0
Panda Global Protection 2010
ParetoLogic Anti-Spyware
ParetoLogic Data Recovery
ParetoLogic DriverCure
Pure Networks Platform
QuickTime
Realtek AC'97 Audio
Seagate Manager Installer
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SiSAGP driver
SiSRaidPackage
Uniblue SpeedUpMyPC
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB942763)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebEx
WebEx Support Manager for Internet Explorer
WebFldrs XP
Windows Defender
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
Yahoo! Software Update
Yahoo! Toolbar

==== Event Viewer Messages From Past Week ========

5/23/2010 5:37:19 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service Panda Software Controller with arguments "" in order to run the server: {1D13E84F-91EE-45C7-9656-A05E3417B4D5}
5/23/2010 5:32:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
5/23/2010 5:22:45 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service COMSysApp with arguments "" in order to run the server: {182C40F0-32E4-11D0-818B-00A0C9231C29}
5/23/2010 5:10:15 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
5/23/2010 5:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPFLT DSAFLT Fips FNETMON IDSFLT intelppm ShldDrv WNMFLT
5/23/2010 5:09:08 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
5/23/2010 4:41:04 PM, error: DCOM [10005] - DCOM got error "%1053" attempting to start the service gusvc with arguments "" in order to run the server: {89DAE4CD-9F17-4980-902A-99BA84A8F5C8}
5/23/2010 4:38:37 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Gwmsrv service.
5/21/2010 8:35:31 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
5/21/2010 8:35:31 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2010 12:15:11 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/21/2010 12:13:28 PM, error: Service Control Manager [7034] - The DNS Client service terminated unexpectedly. It has done this 1 time(s).
5/21/2010 12:06:26 PM, error: Service Control Manager [7022] - The Panda On-Access Anti-Malware Service service hung on starting.
5/21/2010 12:04:55 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Windows Search service to connect.
5/21/2010 12:04:55 PM, error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/21/2010 12:03:07 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/21/2010 12:03:07 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
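The symptom the thread is chasing is visible in the two DDS logs above: the first log lists six Panda filter drivers as S1 (system-start, but currently stopped), and the Service Control Manager 7026 event in Attach.txt names the same six as failed to load. The Python below is an added example, not part of the thread or of the DDS tool: it parses those two DDS sections from a constructed excerpt copied from the logs above and attributes each failed driver to the security product by vendor name or by a shared file date (a heuristic, since DDS gives no vendor field).

```python
import re

# Constructed excerpt: lines copied from the two DDS logs posted in this thread
# (the SERVICES / DRIVERS section of DDS.txt and one Event Viewer line from Attach.txt).
DDS_EXCERPT = r"""
============= SERVICES / DRIVERS ===============

R1 NETFLTDI;Panda Net Driver [TDI Layer];c:\windows\system32\drivers\NETFLTDI.SYS [2010-2-8 159112]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S1 APPFLT;App Filter Plugin;c:\windows\system32\drivers\APPFLT.SYS [2010-2-8 75016]
S1 DSAFLT;DSA Filter Plugin;c:\windows\system32\drivers\dsaflt.sys [2010-2-8 53128]
S1 FNETMON;NetMon Filter Plugin;c:\windows\system32\drivers\fnetmon.sys [2010-2-8 22072]
S1 IDSFLT;Ids Filter Plugin;c:\windows\system32\drivers\idsflt.sys [2010-2-8 193800]
S1 ShldDrv;Panda File Shield Driver;c:\windows\system32\drivers\ShlDrv51.sys [2010-2-8 41144]
S1 WNMFLT;Wifi Monitor Filter Plugin;c:\windows\system32\drivers\wnmflt.sys [2010-2-8 46728]
S2 PAVDRV;pavdrv;c:\windows\system32\drivers\pavdrv51.sys [2010-2-8 84024]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2008-12-10 7808]

==== Event Viewer Messages From Past Week ========

5/23/2010 5:09:56 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: APPFLT DSAFLT Fips FNETMON IDSFLT intelppm ShldDrv WNMFLT
"""

# DDS service line: state (R = running, S = stopped), start type digit
# (0 boot, 1 system, 2 auto, 3 manual, 4 disabled), then name;display;path [date size].
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)(?:\s+\[(?P<date>\d{4}-\d{1,2}-\d{1,2})\s+(?P<size>\d+)\])?$"
)

# Service Control Manager event 7026 lists boot/system-start drivers that failed to load.
EVENT_7026_RE = re.compile(
    r"Service Control Manager \[7026\] - The following boot-start or system-start "
    r"driver\(s\) failed to load:\s*(?P<names>.+?)\s*$"
)


def parse_services(text):
    """Return one dict per SERVICES / DRIVERS line, in file order."""
    services = []
    for line in text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            services.append(m.groupdict())
    return services


def stopped_boot_start(services):
    """Drivers that should start at boot/system start (type 0 or 1) but are stopped."""
    return [s["name"] for s in services if s["state"] == "S" and s["start"] in ("0", "1")]


def failed_boot_drivers(text):
    """Driver names from all 7026 events, de-duplicated, in order of appearance."""
    seen = []
    for line in text.splitlines():
        m = EVENT_7026_RE.search(line)
        if m:
            for name in m.group("names").split():
                if name not in seen:
                    seen.append(name)
    return seen


def triage(text, vendor="panda"):
    """Split the drivers named in 7026 events by whether they belong to the security product.

    Heuristic: a driver is attributed to the vendor if its display name or path mentions
    the vendor, or if it carries the same file date as a driver that does (the components
    of one product install are normally stamped with the same date).
    """
    services = {s["name"].lower(): s for s in parse_services(text)}
    vendor = vendor.lower()

    def mentions_vendor(svc):
        return vendor in (svc["display"] + " " + svc["path"]).lower()

    vendor_dates = {s["date"] for s in services.values() if mentions_vendor(s) and s["date"]}
    result = {"vendor_failed": [], "other_failed": [], "unlisted_failed": []}
    for name in failed_boot_drivers(text):
        svc = services.get(name.lower())
        if svc is None:
            # Not in the DDS service list, so nothing ties it to the product
            # (Fips and intelppm in the excerpt fall here).
            result["unlisted_failed"].append(name)
        elif mentions_vendor(svc) or svc["date"] in vendor_dates:
            result["vendor_failed"].append(name)
        else:
            result["other_failed"].append(name)
    return result


if __name__ == "__main__":
    print("Stopped boot/system-start drivers:", stopped_boot_start(parse_services(DDS_EXCERPT)))
    for key, names in triage(DDS_EXCERPT).items():
        print(f"{key}: {names}")
```

When the stopped S1 list and the vendor_failed list coincide, as they do here, the product's kernel components are not loading at all, which explains the "disabled" state better than a single tampered registry key would.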
25-05-2010, 10:50 AM
Post: #5
RE: Panda gets disabled
Step 1

Please go into the Control Panel, Add/Remove and for now remove ALL versions of JAVA

Then run this tool to help cleanup any left over Java
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please download JavaRa and unzip it to your desktop.
***Please close any instances of Internet Explorer (or other web browser) before continuing!***
  • Double-click on JavaRa.exe to start the program.
  • From the drop-down menu, choose English and click on Select.
  • JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
  • Click Yes when prompted. When JavaRa is done, a notice will appear that a logfile has been produced. Click OK.
  • A logfile will pop up. Please save it to a convenient location and post it back when you reply.

    Then look for the following Java folders and, if found, delete them.
    C:\Program Files\Java
    C:\Program Files\Common Files\Java
    C:\Windows\Sun
    C:\Documents and Settings\All Users\Application Data\Java
    C:\Documents and Settings\All Users\Application Data\Sun\Java
    C:\Documents and Settings\username\Application Data\Java
    C:\Documents and Settings\username\Application Data\Sun\Java


Step 2
  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.


In your next reply, please include these log(s) in this sequence:

  1. JavaRa log
  2. MalwareBytes' Anti-Malware log

26-05-2010, 12:57 AM
Post: #6
RE: Panda gets disabled
Thanks Maniac.
I'll run the tool, and hope I'm not too late. Last night I opened up in "Safe" mode to check the e-mail. It took a long time to open, which is wrong. I reset. The next time, it locked up and I reset again. When opened I checked Panda and it had been shut down, so I clicked "Solve" to get it restarted. A bit later, it was disabled while I was watching. I also heard my hard drive working overtime, so I disconnected from the internet, and it settled down. I believe the HHD Neo 4.94 or another program was using the web to send or receive bad juju.

I believe you're on the right track and I'll follow your steps. Thanks again.
26-05-2010, 08:34 AM (This post was last modified: 26-05-2010 09:04 AM by Rockadamss.)
Post: #7
Big Grin RE: Panda gets disabled
Maniac,
You're doing great! We found some bad actors. Here are the files from JavaRa and Malwarebytes.
JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue May 25 23:06:45 2010

Found and removed: C:\Program Files\Java\jre1.6.0_07

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_10

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_11

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_12

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_13

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_14

Found and removed: C:\Documents and Settings\USER\Application Data\Sun\Java\jre1.6.0_17

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_07

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_07

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ACBB9B2318A96D117A58000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\8A0F842331866D117AB7000B0D610007

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{3248F0A8-6813-11D6-A77B-00B0D0160070}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_07\bin\

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue May 25 23:07:52 2010

------------------------------------

Finished reporting.


Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/25/2010 11:29:37 PM
mbam-log-2010-05-25 (23-29-37).txt

Scan type: Quick scan
Objects scanned: 151318
Time elapsed: 9 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
I did go to IE for a Google search to learn about the trojan we removed, and noticed that I'm still getting re-directs if I don't copy and paste an address. I assume we'll get to fixing that as we go forward. IT IS running better already.
26-05-2010, 02:22 PM
Post: #8
RE: Panda gets disabled
Your database version is 4052, but the current is 4144, so please:
  • Launch Malwarebytes' Anti-Malware
  • Go to "Update" tab and select "Check for Updates". If an update is found, it will download and install the latest version.
  • Go to "Scanner" tab and select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

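The two Malwarebytes logs posted above and the helper's database-version check in this reply follow a fixed layout, so the checks the helper does by eye (stale definitions, per-category counts versus the items actually listed, items not quarantined) can be scripted. This is an added example, not code from the thread or from Malwarebytes; the sample log below is constructed in the same layout, with made-up paths and family names, and the "current" database number is passed in by the caller.

```python
import re

# Constructed sample in the layout of the MBAM 1.46 logs in this thread; paths and family names are made up.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Database version: 4052

Memory Processes Infected: 0
Registry Keys Infected: 2
Files Infected: 0

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\example_rogue (Rogue.ExampleSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\example_rogue (Rogue.ExampleSuite) -> No action taken.
"""

SUMMARY_RE = re.compile(r"^([A-Za-z ]+ Infected): (\d+)$")          # "Registry Keys Infected: 4"
ITEM_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^)]+)\) -> (?P<action>.+)$")


def parse_mbam_log(text):
    """Pull the database version, per-category counts and listed detections out of an MBAM log."""
    report = {"database_version": None, "summary": {}, "detections": {}}
    section = None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Database version:"):
            report["database_version"] = int(line.split(":", 1)[1])
        elif SUMMARY_RE.match(line):                 # summary block: category and count
            name, count = SUMMARY_RE.match(line).groups()
            report["summary"][name] = int(count)
        elif line.endswith(" Infected:"):            # start of a detail section
            section = line[:-1]
            report["detections"][section] = []
        elif section and ITEM_RE.match(line):        # one detection line in that section
            report["detections"][section].append(ITEM_RE.match(line).groupdict())
    return report


def triage(report, current_db):
    """Flag stale definitions, counts that disagree with the listed items, and items not cleaned."""
    findings = []
    ver = report["database_version"]
    if ver is None or ver < current_db:
        findings.append(f"definitions out of date ({ver} < {current_db}); update and rescan")
    for category, count in report["summary"].items():
        listed = len(report["detections"].get(category, []))
        if count != listed:
            findings.append(f"{category}: summary says {count}, log lists {listed}")
    for it in sum(report["detections"].values(), []):
        if "successfully" not in it["action"]:
            findings.append(f"{it['path']} ({it['family']}): {it['action']}")
    return findings
```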
26-05-2010, 07:53 PM (This post was last modified: 26-05-2010 07:54 PM by Rockadamss.)
Post: #9
RE: Panda gets disabled
I did select the update on Malwarebytes and it responded with an "Updated" note. I ran it and received the report I forwarded, unless I sent the wrong log, but the date stamp and time are correct for yesterday.
I'll recheck and update and send the new log. Sorry.
P.S. Does it make any difference that I'm running in Safe mode?
27-05-2010, 01:54 AM (This post was last modified: 27-05-2010 01:55 AM by Rockadamss.)
Post: #10
RE: Panda gets disabled
Here's the updated Malwarebytes run after Updating. No new files were found. What's next?
Sorry, forgot to post the log.
Malwarebytes' Anti-Malware 1.46
http://www.malwarebytes.org

Database version: 4147

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/26/2010 4:48:21 PM
mbam-log-2010-05-26 (16-48-21).txt

Scan type: Quick scan
Objects scanned: 157072
Time elapsed: 15 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)