Full Version: W32.IRCBot.D
Gladiator Security Forum > Malware Help Forum > HELP! Think you are Infected?
Chalirius
A few days ago I found a virus on my computer during a scan. The virus is called W32.IRCBot.D. You can find info about this virus at http://securityresponse.symantec.com/avcen...2.ircbot.d.html
I was just starting to remove the virus, but the antivirus program didn't open, so I couldn't do the full system scan. Could it be because of the virus? I have Symantec Antivirus.

Hijackthis's scanlist, if that is any help:

Logfile of HijackThis v1.99.1
Scan saved at 15:15:30, on 29.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Media Access\MediaAccess.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\??chost.exe
C:\Documents and Settings\Lauri\My Documents\M'ngud\Furc\Furcadia\Furcadia.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Lauri\My Documents\Blah\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {8A8A2DB1-9653-C3D2-2422-9B5B502B6197} - C:\WINDOWS\System32\jljqvdbk.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: (no name) - {AA68EEB5-0507-5784-7D57-0CC2B95446C2} - C:\WINDOWS\System32\rtas.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\aklsp.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Viirusetõrje\fswsclds.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Bobbi Flekman
Hi Chalirius,

It is not a good idea to have multiple anti-virus products running. These programs get in each other's way. Use just one as an "On Access" scanner; you can keep the other one for "On Demand" scanning.

Download WinSockFix and LSPFix.
Start the application, and click the "I know what I'm doing" checkbox.
Check all instances of c:\windows\system32\aklsp.dll (and nothing else), and move them to the "Remove" pane.
Then click Finish and reboot.

Check your internet connection and verify that it is working. In rare instances LSPFix may break your connection. If this happens, run WinSockFix to repair it.

You might want to save this page on your favorites, so you can find it again when you return. You can also click on your name and click on "Find All Posts" to find your thread.

Launch Notepad, and copy/paste the box below into a new text file. Save it as FindFile.bat and save it on your Desktop.

CODE
rem List every file in System32 named "??chost.exe" (any two characters,
rem then "chost.exe"). /a with no attribute letters includes hidden and
rem system files; "/a h" would make cmd treat "h" as a second file name.
dir C:\WINDOWS\system32\??chost.exe /a > files.txt
notepad files.txt


Locate FindFile.bat on your Desktop and double-click on it. It will open Notepad with some text in it. Please post the text here.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

R3 - Default URLSearchHook is missing

O2 - BHO: Loader Class - {2E246FAE-8420-11D9-870D-000C2917DE7F} - C:\WINDOWS\SYSTEM\Loader.dll
O2 - BHO: (no name) - {8A8A2DB1-9653-C3D2-2422-9B5B502B6197} - C:\WINDOWS\System32\jljqvdbk.dll
O2 - BHO: (no name) - {AA68EEB5-0507-5784-7D57-0CC2B95446C2} - C:\WINDOWS\System32\rtas.dll (file missing)

O3 - Toolbar: (no name) - {5345A7A9-805A-4923-B505-86B2FEBA3FE0} - (no file)

O4 - HKLM\..\Run: [WinProfile] sndcfg16.exe
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKLM\..\Run: [gah95on6] C:\WINDOWS\System32\gah95on6.exe

AdwareFilter is on Spyware Warrior's Rogue List. Uninstall this program!

O4 - Global Startup: AdwareFilter Background Protection.lnk = C:\Program Files\AdwareFilter\adwarefilter.exe

There are restrictions set on Control Panel. If you or your system administrator has not put this restriction on Control Panel, also check this item.

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O21 - SSODL: SysTray - {E61B5E20-DE35-11CF-9C87-1579005127ED} - C:\WINDOWS\System32\msc.cpl (file missing)


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?
At the end of the fix you can return the files to hidden status if you want.

A folder or file name with a tilde (~) means there is a file/folder that starts with the six characters in front of the tilde; note that there may be spaces in the name. If there is more than one, please report them back and do not delete!

Delete the following files in red (it could be that they are deleted already):

C:\WINDOWS\SYSTEM\Loader.dll
C:\WINDOWS\System32\jljqvdbk.dll
C:\WINDOWS\System32\rtas.dll
C:\WINDOWS\System32\sndcfg16.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\System32\msc.cpl

Delete the following folders in red (it could be that they are deleted already):

C:\Program Files\AdwareFilter
C:\Program Files\Media Access

Restart your computer and post a new log in this thread.
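The FindFile.bat step above looks for a file named like svchost.exe but with two different leading characters, the classic look-alike trick. As an added example, not code from this thread or from HijackThis, the Python script below automates that comparison over the "Running processes" section of a HijackThis log: it flags any executable whose name is within two edits of a core Windows binary without being that binary, and any known binary running from a directory other than its usual one. The whitelist and the log excerpt are constructed for the example (the process lines are copied from the first log in the thread; the C:\Temp\svchost.exe line is invented to show the wrong-directory case).

```python
"""Flag look-alike process names in a HijackThis "Running processes" section.

Constructed example for this thread (not code from the forum or from
HijackThis). Malware often borrows a name one or two characters away from
a core Windows binary, which is why the helper asked for a listing of
??chost.exe next to the real svchost.exe. This script applies that check
to every process in the log.
"""
import ntpath

# Constructed whitelist: core Windows XP processes and the directory each
# legitimately runs from (lower-case, no trailing backslash).
KNOWN_SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "ctfmon.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Constructed log excerpt. "??" stands in for the two non-printing
# characters the forum rendered as question marks.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\WINDOWS\System32\gah95on6.exe
C:\WINDOWS\system32\??chost.exe
C:\Temp\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
"""


def edit_distance(a, b):
    """Levenshtein distance (insertions, deletions, substitutions)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def parse_running_processes(log_text):
    """Return the full paths listed under 'Running processes:'."""
    paths = []
    in_section = False
    for line in log_text.splitlines():
        line = line.strip()
        if line.lower() == "running processes:":
            in_section = True
            continue
        if in_section:
            if not line:  # the section ends at the first blank line
                break
            paths.append(line)
    return paths


def flag_lookalikes(paths, max_distance=2):
    """Return [(path, reason)] for near-miss names and misplaced known binaries."""
    findings = []
    for path in paths:
        directory, name = ntpath.split(path)
        name_l, dir_l = name.lower(), directory.lower()
        if name_l in KNOWN_SYSTEM_BINARIES:
            expected = KNOWN_SYSTEM_BINARIES[name_l]
            if dir_l != expected:
                findings.append((path, f"known name running from {directory}, expected {expected}"))
            continue
        for good in KNOWN_SYSTEM_BINARIES:
            d = edit_distance(name_l, good)
            if 0 < d <= max_distance:
                findings.append((path, f"{d} edit(s) away from {good}"))
                break
    return findings


if __name__ == "__main__":
    for path, reason in flag_lookalikes(parse_running_processes(SAMPLE_LOG)):
        print(f"SUSPICIOUS: {path}  ({reason})")
```

Names such as gah95on6.exe pass this check because they do not imitate anything; they need a different heuristic (unknown Run key entries, unsigned binaries), which is what the rest of the HijackThis review covers.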
Chalirius
The antivirus is still not working. And there were no files with instances of c:\windows\system32\aklsp.dll to remove with LSPFix.


FindFile:

Volume in drive C is ANDRES
Volume Serial Number is 135B-1EEB

Directory of C:\WINDOWS\system32

20.09.2002 17:48 12˙800 svchost.exe
06.04.2005 15:39 425˙984 ??chost.exe
2 File(s) 438˙784 bytes

Directory of C:\Documents and Settings\Lauri\Desktop



Logfile of HijackThis v1.99.1
Scan saved at 11:35:10, on 2.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Media Access\MediaAccK.exe
C:\Program Files\Media Access\MediaAccess.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\VPC32.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Lauri\My Documents\Blah\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - F-Secure Corporation - C:\Program Files\Viirusetõrje\fswsclds.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Bobbi Flekman
Hi Chalirius,

I see Panda, Norton and F-Secure in your log. Please uninstall two of them, because that might be why none of them is starting up. Anti-virus programs don't play nice with each other!

Open "Add/Remove Programs" in the Control Panel. Select the following items:
  • Media Access
and click "Remove" for each of them.

Please create a list of programs that can be removed using Add/Remove Programs.
Start HiJackThis. Click "Config"->"Misc Tools"->"Open Uninstall Manager" ->"Save List".
Save the log to a convenient location, and copy it into this thread.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe

O21 - SSODL: WebCheck - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked".

Restart your computer in Safe Mode. How do I Safe Boot my computer?

Show hidden files. How do I show hidden files?
At the end of the fix you can return the files to hidden status if you want.

Delete the following files in red (it could be that they are deleted already):

C:\WINDOWS\system32\??chost.exe <-- Be careful not to delete svchost.exe. The file you want to delete is dated 06.04.2005 and is 425984 bytes in size!

Restart your computer and post a new log in this thread.
Chalirius
I got rid of Panda and F-Secure, but the Symantec still won't work.


Add/Remove programs list:

1410: Teutoonide viimane rünnak
1st Page 2000 2.00 Free
ACDSee 4.0
Ad-aware 6 Personal
Adobe Acrobat 4.0
Adobe Photoshop 7.0
Avance AC'97 Audio
DivX
DivX Player
DogProxy II
Dope Wars 2000 V1.10
Easy CD Creator 5 Basic
FlashGet(JetCar)
Game Maker 4
Google Toolbar for Internet Explorer
GXB Dialer 160-extremepc
HijackThis 1.99.1
Internet Explorer Q832894
LiveUpdate 1.80 (Symantec Corporation)
Microsoft Data Access Components KB870669
Microsoft Office 2000 Professional
Mobile Phone Manager
Monkey 4 Web Demo
MSN Messenger 6.2
MSXML4 Parser
Multimedia Card Reader
Network Play System (Patching)
NVIDIA Windows 2000/XP Display Drivers
OIN
Outlook Express Q837009
PDFlib PSP 1.0.1
PowerDVD
QuickTime
RealPlayer
Regio CD-Atlas 99
RTP for RM2K (Png, Wav, Midi, Fonts)
Search Relevancy
Shareaza version 2.1.0.0
Shockwave
Spybot - Search & Destroy 1.3
Star Wars JK II Jedi Outcast
Symantec AntiVirus Client
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Windows Installer 3.1 (KB893803)
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows Media Player Hotfix [See Q828026 for more information]
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB826939
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB840374
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892944
Windows XP Hotfix - KB893086
Windows XP Hotfix (SP2) Q819696
Windows XP Related
WinRAR archiver

Logfile of HijackThis v1.99.1
Scan saved at 17:01:55, on 2.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\dumprep.exe
C:\Documents and Settings\Lauri\My Documents\Blah\HijackThis.exe
C:\WINDOWS\System32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Viirusetõrje\fswsclds.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Bobbi Flekman
Hi Chalirius,

QUOTE
I got rid of Panda and F-Secure, but the Symantec still won't work.
I still see Panda in the log.
QUOTE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe


You have some known baddies in your uninstall list. Open "Add/Remove Programs" in the Control Panel. Select the following items:
  • Search Relevancy
  • Viewpoint Manager (Remove Only)
  • Viewpoint Media Player
and click "Remove" for each of them.

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)

These two are added because they are the anti-viruses I was talking about. They are not bad! They might be hindering Norton though.

O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Viirusetõrje\fswsclds.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe


Then close all windows, and browsers, except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.

Is Norton Anti-Virus starting?
Chalirius
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Viirusetõrje\fswsclds.exe (file missing)

and

O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe

keep coming back.
Bobbi Flekman
Hi Chalirius,

Run Spybot-S&D. Go to the Mode menu, and make sure "Advanced Mode" is selected. On the left hand side, choose Tools -> Resident and uncheck "Resident TeaTimer" and OK any prompts. Restart your computer.

Afterwards, can you retry my previous instructions?
Chalirius
Still nothing.

By the way, it is also not possible to uninstall the antivirus without crashing the computer.
Bobbi Flekman
QUOTE (Chalirius @ Jul 4 2005, 01:53 PM)
Still nothing.

By the way, it is also not possible to uninstall the antivirus without crashing the computer.
What happens when you uninstall it?

Launch Notepad, and copy/paste the box below into a new text file. Save it as Options.txt on your Desktop.

QUOTE
RegSearch Options File

[Search]
F-Secure
Fswsclds)
Viirusetõrje
Panda
PavPrSrv

[Exclude]

[Options]
Filter=KVDLU


Download Registry Search and extract it. Double-click the icon to run it and click on "Import...". Select the file you created above. Click "OK" and Registry Search will search the Registry and report what it finds. Post that here.

Can you also post a log from HijackThis?
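Added example, not from the thread and not Registry Search's own code: a Python triage of a REGEDIT4-style results file of the kind Registry Search writes. It merges the repeated key headers the tool emits (one per matching value), records which search string each key matched, and sorts the hits into driver/service remnants (Enum\Root\LEGACY_* entries, which is where the services that "keep coming back" are remembered), COM/TypeLib registrations, and ordinary vendor settings. The embedded excerpt is constructed from a few keys of the kind the results contain; the bucket names and the classification rules are this example's own.

```python
"""Triage a Registry Search (REGEDIT4-style) results file.

Constructed example for this thread; not code from the forum or from the
Registry Search tool. The parser reads the key and value lines of a
REGEDIT4 export, merges repeated key headers, records which search string
each key matched, and buckets the hits so the leftovers of an uninstalled
product can be reviewed. The bucket names are this example's own.
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(.+)\]$")
# A value line is either @="data" (the default value) or "name"="data".
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

# Constructed excerpt in the format Registry Search writes (comment header,
# then one key header per matching value).
SAMPLE_RESULTS = r"""REGEDIT4

; Registry Search by Bobbi Flekman
; Results for strings: 'f-secure' 'panda' 'pavprsrv'

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure]
"InstallationRootDirectory"="C:\\Program Files\\Viirusetõrje"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000]
"Service"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000]
"DeviceDesc"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FSWSCLDS\0000]
"DeviceDesc"="F-Secure Windows Security Center Legacy Detection Service"
"""


def unquote(s):
    """Strip the surrounding quotes of a REGEDIT4 string and undo its escaping."""
    if len(s) >= 2 and s[0] == '"' and s[-1] == '"':
        s = s[1:-1]
    return s.replace("\\\\", "\\").replace('\\"', '"')


def parse_regedit4(text):
    """Return {key_path: {value_name: data}}; repeated key headers are merged."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line == "REGEDIT4":
            continue
        m = KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else unquote(m.group(1))
            keys[current][name] = unquote(m.group(2))
    return keys


def classify(key_path):
    """Bucket a key by what kind of leftover it is (rules are this example's)."""
    low = key_path.lower()
    if "\\enum\\root\\legacy_" in low or "\\services\\" in low:
        return "driver/service remnant"
    if "\\software\\classes\\" in low:
        return "COM/TypeLib registration"
    return "vendor setting"


def triage(text, search_terms):
    """Map bucket -> [(key_path, [search terms found in the key or its data])]."""
    buckets = defaultdict(list)
    for path, values in parse_regedit4(text).items():
        haystack = (path + " " + " ".join(f"{n}={d}" for n, d in values.items())).lower()
        matched = [t for t in search_terms if t.lower() in haystack]
        buckets[classify(path)].append((path, matched))
    return buckets


if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE_RESULTS, ["F-Secure", "Panda", "PavPrSrv"]).items():
        print(f"== {bucket} ==")
        for path, matched in hits:
            print(f"  {path}  (matched: {', '.join(matched)})")
```

The "driver/service remnant" bucket is the one to read first when a service entry reappears in HijackThis after an uninstall: an Enum\Root\LEGACY_* key is created by the PnP manager for a kernel-mode or legacy service and is not removed just because the product's files are gone.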
Chalirius
REGEDIT4

; Registry Search by Bobbi Flekman
; Version: 1.0.1.4

; Results at 5.07.2005 18:21:39 for strings:
; 'f-secure'
; 'fswsclds)'
; 'viirusetõrje'
; 'panda'
; 'pavprsrv'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS


[HKEY_LOCAL_MACHINE\SOFTWARE\AkSoft\.Hotsites\f-secure.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\AkSoft\.Hotsites\pandasoftware.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\AkSoft\.Hotsites\pandasoftware.es]

[HKEY_LOCAL_MACHINE\SOFTWARE\AkSoft\.Hotsites\support.f-secure.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\AkSoft\.Hotsites\us.pandasoftware.com]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveScan.1]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96567F65-E04C-4611-AF29-7CDEA6FA6A84}]
@="Panda ActiveScan"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\F-Secure.License]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\F-Secure.License\Shell]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\F-Secure.License\Shell\Open]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\0\win32]
@="C:\\Program Files\\Viirusetõrje\\backweb\\3294319\\program\\fsbwce.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA0AC514-C1AE-11D3-84E7-005004C65534}\1.0\HELPDIR]
@="C:\\Program Files\\Viirusetõrje\\backweb\\3294319\\program\\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DA2BD42B-07E8-413A-9FEA-BB3B2E825340}\1.0]
@="Panda PZ 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{DE61612C-D504-4284-A17E-2A695253B43C}\1.0]
@="Panda ActiveScan 1.0 Type Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure]
"InstallationRootDirectory"="C:\\Program Files\\Viirusetõrje"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\FSSetup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Gatekeeper]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Gatekeeper\Plug-Ins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\GKH2]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\GKH2\Plug-Ins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Gatekeeper Handler]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Gatekeeper Handler]
"DisplayName"="F-Secure Gatekeeper Handler"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Gatekeeper Handler]
"ImagePath"="C:\\Program Files\\Viirusetõrje\\Common\\fsgk32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Windows Security Center trigger]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Windows Security Center trigger]
"DisplayName"="F-Secure Windows Security Center trigger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Management Agent\Plug-Ins\F-Secure Windows Security Center trigger]
"ImagePath"="C:\\Program Files\\Viirusetõrje\\fswsctg.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\Setup]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\127]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\181]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\185]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\253]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\277]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\277]
"Plugin"="C:\\Program Files\\Viirusetõrje\\backweb\\3294319\\program\\pextnbplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\303]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\303]
"Plugin"="C:\\Program Files\\Viirusetõrje\\backweb\\3294319\\program\\pextnbplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\305]

[HKEY_LOCAL_MACHINE\SOFTWARE\Data Fellows\F-Secure\TNB\Products\305]
"Plugin"="C:\\Program Files\\Viirusetõrje\\backweb\\3294319\\program\\pextnbplugin.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9A9307A0-7DA4-4DAF-B042-5009F29E09E1}\DownloadInformation]
"CODEBASE"="http://www.pandasoftware.com/activescan/as5/asinst.cab"

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\ActiveScan]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]

[HKEY_LOCAL_MACHINE\SOFTWARE\Panda Software\PavShld]
"InstallDir"="C:\\Program Files\\Common Files\\Panda Software\\PavShld"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_COMFILTR\0000]
"DeviceDesc"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_FILTER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_FILTER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"DeviceDesc"="F-Secure File System Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_FILTER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"DeviceDesc"="F-Secure File System Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FSDFW\0000]
"DeviceDesc"="F-Secure Distributed Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_FSWSCLDS\0000]
"DeviceDesc"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000]
"Service"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000]
"DeviceDesc"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_PAVPRSRV\0000\Control]
"ActiveService"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ComFiltr]
"DisplayName"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\F-Secure Anti-Virus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\F-Secure Management Agent]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Fswsclds]
"DisplayName"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavPrSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavPrSrv]
"DisplayName"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavPrSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavPrSrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PavPrSrv\Enum]
"0"="Root\\LEGACY_PAVPRSRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_COMFILTR\0000]
"DeviceDesc"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"DeviceDesc"="F-Secure File System Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_FILTER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"DeviceDesc"="F-Secure File System Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSDFW\0000]
"DeviceDesc"="F-Secure Distributed Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_FSWSCLDS\0000]
"DeviceDesc"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PAVPRSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PAVPRSRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PAVPRSRV\0000]
"Service"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_PAVPRSRV\0000]
"DeviceDesc"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ComFiltr]
"DisplayName"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\F-Secure Anti-Virus]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Eventlog\Application\F-Secure Management Agent]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\Fswsclds]
"DisplayName"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PavPrSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PavPrSrv]
"DisplayName"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\PavPrSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_COMFILTR\0000]
"DeviceDesc"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"Service"="F-Secure Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000]
"DeviceDesc"="F-Secure File System Filter"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_FILTER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_GATEKEEPER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"Service"="F-Secure Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000]
"DeviceDesc"="F-Secure File System Recognizer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_F-SECURE_RECOGNIZER\0000\LogConf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSDFW\0000]
"DeviceDesc"="F-Secure Distributed Firewall Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_FSWSCLDS\0000]
"DeviceDesc"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPROC\0000]
"DeviceDesc"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV\0000]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV\0000]
"Service"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV\0000]
"DeviceDesc"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV\0000\Control]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_PAVPRSRV\0000\Control]
"ActiveService"="PavPrSrv"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SHLDDRV\0000]
"DeviceDesc"="Panda File Shield Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ComFiltr]
"DisplayName"="Panda Anti-Dialer"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\F-Secure Anti-Virus]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\F-Secure Management Agent]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Fswsclds]
"DisplayName"="F-Secure Windows Security Center Legacy Detection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavProc]
"DisplayName"="Panda Process Protection Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv]
"DisplayName"="Panda Process Protection Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv\Security]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv\Enum]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PavPrSrv\Enum]
"0"="Root\\LEGACY_PAVPRSRV\\0000"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ShldDrv]
"DisplayName"="Panda File Shield Driver"

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\F-Secure]

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\F-Secure\DFW]

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"003"="PavPrSrv"

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Search Assistant\ACMru\5603]
"004"="F-secure"

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Windows\CurrentVersion\Applets\Wordpad\Recent File List]
"File1"="C:\\Documents and Settings\\Lauri\\My Documents\\Panda\\Uninstal.dll"

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Viirusetõrje + Personaalne Tulemüür]

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Viirusetõrje + Personaalne Tulemüür\Internet Shield]

[HKEY_USERS\S-1-5-21-1220945662-1060284298-1343024091-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Viirusetõrje + Personaalne Tulemüür\Virus Protection]

; End Of The Log...

Logfile of HijackThis v1.99.1
Scan saved at 18:23:12, on 5.07.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\soundman.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Lauri\My Documents\RegSearch\RegSearch.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Lauri\My Documents\Blah\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neti.ee/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O4 - HKLM\..\Run: [SoundMan] soundman.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Viirusetõrje\fswsclds.exe (file missing)
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
Bobbi Flekman
Hi Chalirius,

Run HijackThis, click on "Scan" and check the boxes next to all these items.

O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)

Then close all windows and browsers except HijackThis. Tell HijackThis to "Fix checked". Restart your computer and post a new log in this thread.

This may be a dumb suggestion, but have you tried reinstalling Norton?
Chalirius
I just did, but it STILL won't open. I guess that the problem is PavPrSrv.exe, but I can't end the process, delete the folder or delete it with HijackThis. Are there any other ways to get rid of it?

By the way, O21 in HijackThis keeps coming back.
Bobbi Flekman
Hi Chalirius,

Run HijackThis. Click on "Config...", "Misc Tools", "Open process manager". Select
  • C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
and click on "Kill process". Answer Yes to the "Are you sure..." question.

Can you rename the file to pavprsrv.bak? See if you can do it then...
Chalirius
"Could not be killed. It may already have been closed or it may be protected by Windows."

I checked services.msc and I found that Panda IS a service. The problem is that it is started and can't be stopped. Now what?
Bobbi Flekman
Can you start your computer in safe mode? Is the file in memory then? If not, rename then...
Chalirius
No... it's not PavPrSrv.exe after all, because the file doesn't work in safe mode but Symantec still won't open.
Bobbi Flekman
Do you get a message when you open it? And if so, what is that message?
Chalirius
No message. I just double-click it, and nothing happens. About 10 minutes later the window opens but it's just blank white.
Bobbi Flekman
Ok..... Let's try something else... Can you post a HijackThis log from Safe Mode... See if something gets hidden in Normal mode!
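The O21 entry Bobbi asks to fix carries HijackThis's "(no file)" marker and the Fswsclds service in the log carries "(file missing)": both are dangling references, registry or service entries whose binary is no longer on disk, while PavPrSrv stands out because its file is present and running. As an added example (not part of the thread and not HijackThis code), this Python parser pulls those markers and the "Unknown owner" publisher string out of the O-lines of such a log; the sample lines are constructed in the shape of Chalirius's log.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of a HijackThis 1.99.1 log (a few O-lines, not a whole log).
SAMPLE_LOG = """\
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\\PROGRA~1\\AIM\\aim.exe (file missing)
O21 - SSODL: ShellFolder for CD Burning - {E61B5E20-DE35-11CF-9C87-1579005127ED} - (no file)
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\\Program Files\\Viirusetõrje\\fswsclds.exe (file missing)
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\\Program Files\\Common Files\\Panda Software\\PavShld\\pavprsrv.exe
"""
LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
FLAG_RE = re.compile(r"\((no file|file missing)\)$")   # HijackThis' "not on disk" marker
SHORT_RE = re.compile(r"\((\w+)\)$")                    # O23 "(ServiceShortName)" suffix

@dataclass
class Entry:
    section: str           # "O2", "O21", "O23", ...
    kind: str              # "BHO", "SSODL", "Service", ...
    name: str              # display name (O23: without the "(Short)" suffix)
    short: Optional[str]   # O23 service short name, e.g. "PavPrSrv"
    owner: Optional[str]   # O23 publisher string, e.g. "Unknown owner"
    clsid: Optional[str]
    path: Optional[str]    # referenced file; None when the log shows none
    flag: Optional[str]    # "no file" / "file missing" when HijackThis could not find it

def parse_line(line: str) -> Optional[Entry]:
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, kind, rest = m.groups()
    flag_m = FLAG_RE.search(rest)
    flag = flag_m.group(1) if flag_m else None
    if flag_m:  # drop the marker and the dangling " - " in front of it
        rest = rest[: flag_m.start()].rstrip(" -")
    fields = [f.strip() for f in rest.split(" - ")]
    clsid_m = CLSID_RE.search(rest)
    clsid = clsid_m.group(0) if clsid_m else None
    name = fields[0]
    tail = [f for f in fields[1:] if not CLSID_RE.fullmatch(f)]  # owner and/or path
    short = owner = None
    if section == "O23":
        s = SHORT_RE.search(name)
        if s:
            short, name = s.group(1), name[: s.start()].rstrip()
        owner = tail.pop(0) if tail else None
    path = tail[-1] if tail else None
    return Entry(section, kind, name, short, owner, clsid, path, flag)

def parse_log(text: str) -> List[Entry]:
    return [e for e in (parse_line(ln) for ln in text.splitlines()) if e]

def dangling(entries: List[Entry]) -> List[Entry]:
    """Entries whose referenced file HijackThis could not find on disk."""
    return [e for e in entries if e.flag is not None]

def unknown_owner_services(entries: List[Entry]) -> List[Entry]:
    """O23 services with no recognisable publisher string: worth checking by hand."""
    return [e for e in entries if e.section == "O23" and e.owner == "Unknown owner"]
```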