Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs
#1
antivirus 2010 will not remove completely
Winxp2. I have run Malwarebytes and Panda Antivirus to try to clean up Antivirus 2010, but some files could not be removed. I also ran online scanners that found infections but could not remove them. I cannot get Windows Update to run. Auto updates cannot be turned on. I often get redirected to the wrong websites. The computer is very slow.

Logfile of HijackThis v1.99.1
Scan saved at 5:54:10 PM, on 9/25/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\AVENGINE.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\PavBckPT.exe
C:\Program Files\Panda Security\Panda Internet Security 2010\WebProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\My Backup -- 11-09-09 2230\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.soapcentral.com/soapcentral/index.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda Security\Panda Internet Security 2010\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Program Files\Panda Security\Panda Internet Security 2010\Inicio.exe"
O4 - HKLM\..\Run: [Qzodu] rundll32.exe "C:\WINDOWS\idiyacikofegi.dll",Startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International
O16 - DPF: microsoft xml parser for java - file:///C:/WINDOWS/Java/classes/xmldso.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase6796.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {ceddf50d-9fa7-41a8-bcd0-6350d1ed2306} (SecurityManager Class) - https://care.windstream.com/lwp/stat...ller_3-0-0.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {EFD3EA56-234D-4240-90EA-CC9FA3AF5A01} (ConnectivityTester Class) - https://care.windstream.com/lwp/stat...ELControls.cab
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Background Intelligent Transfer Service (BITS) - Unknown owner - %fystemRoot%\system32\svchost.exe (file missing)
O23 - Service: Panda Software Controller (panda software controller) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsCtrls.exe
O23 - Service: Panda Function Service (pavfnsvr) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (pavprsrv) - Panda Security, S.L. - C:\Program Files\Common Files\Panda Security\PavShld\pavprsrv.exe
O23 - Service: Panda On-Access Anti-Malware Service (pavsrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\pavsrv51.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Panda Host Service (pshost) - Panda Security International - c:\program files\panda security\panda internet security 2010\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (psimsvc) - Panda Security S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PsImSvc.exe
O23 - Service: Panda PSK service (psksvcretail) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\PskSvc.exe
O23 - Service: Panda TPSrv (tpsrv) - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Internet Security 2010\TPSrv.exe
O23 - Service: Automatic Updates (wuauserv) - Unknown owner - %fystemroot%\system32\svchost.exe (file missing)
#2
Welcome to CTH, chiathomas!
Hopefully, you can download and run the following. If not, we will go an alternate route:

Please download RootRepeal to your Desktop.

When the scan finishes, click on: Save Report
Name the log RootRepeal.txt and save it to your Desktop.
Please provide the RootRepeal report in your reply.

~~~~

If RootRepeal does not run, please reboot and download the latest version of GMER to your Desktop.
Once downloaded, double-click on gmer.zip and unzip the file to its own folder.
Now, make sure all other running programs are closed and no other actions like a scheduled antivirus scan occur while this tool runs. Also, do not use your computer during the scan.
Caution** Please do NOT take any action on any "<--- ROOTKIT" entries.
Double-click on gmer.exe to run it.
Last edited by Aaflac; September 26th, 2009 at 04:15 AM.