2 replies to this topic

[Littlelea]

I have an HP dv1000 Notebook which runs Windows XP Home sp2. A few months ago I got a few viruses but I am not sure which ones because the anti-virus programs had cleaned them out but a log was never saved before rebooting the system. According to Panda Anti-Virus 2008, which is what I have on my system now, my system is supposedly clean. I've run several anti-malware programs and other PC aide type programs and followed the instructions. My problem is, is that my system is still running super slow, my display hardware is unable to connect or launch, and drivers still move or disappear. Below is my hijack this log. Please let me know what to do if you see anything out of the ordinary. Thanks so much!

Logfile of HijackThis v1.99.1
Scan saved at 6:17:17 AM, on 5/9/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Panda Security\pavsrv51.exe
C:\Program Files\Panda Security\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\netdde.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Security\PsCtrls.exe
C:\Program Files\Common Files\Panda

Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Security\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\dmadmin.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Panda Security\APVXDWIN.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Panda Security\WebProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows

Live\WLLoginProxy.exe
C:\Program Files\Common Files\Microsoft

Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://us.rd.yahoo.c...*http://www.yah

oo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page

= http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Search_URL =

http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page

= http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,

(Default) =

http://us.rd.yahoo.c...*http://www.yah

oo.com
R3 - URLSearchHook: (no name) - {6dfc55bb-bfff-485a-9709-

90c3fdf6db58} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-

7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-

4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: dsWebAllowBHO Class - {2F85D76C-0569-466F-A488-

493E6BD0E955} - C:\Program Files\Windows Desktop

Search\dsWebAllow.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-

6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: (no name) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} -

(no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-

D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-

8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft

Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A7327C09-B521-4EDB-8509-

7D2660C9EC98} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-

CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-

B6FA-CE66B5AD205D} - C:\Program

Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-

4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-

ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live

Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-

009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {6dfc55bb-bfff-485a-9709-90c3fdf6db58} -

(no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program

Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [APVXDWIN] "C:\Program Files\Panda

Security\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default

Settings\cpqset.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program

Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32

\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32

\igfxpers.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program

Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search -

res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites -

http://favorites.liv...m/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB

-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05

\bin\ssv.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: vzTCPConfig -

http://www2.verizon....vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -

https://activatemyfi...oad/FIOS/tgctlc

m.cab
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8}

(ActiveScan 2.0 Installer Class) -

http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB}

(Installation Support) - C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN

Photo Upload Tool) -

http://by119fd.bay11...es/MsnPUpld.cab
O16 - DPF: {512FC5A1-7DE1-43F1-BC0C-371622FCB409}

(TotalScan Installer Class) -

http://www.nanoscan....s/ascstubie.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166}

(Windows Live Safety Center Base Module) -

http://cdn.scan.onec.../scanner/wlscba

se370.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C}

(WUWebControl Class) -

http://update.micros...rols/en/x86/cli

ent/wuweb_site.cab?1165354109912
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D}

(HpProductDetection Class) -

http://h20270.www2.h...ProductDetectio

n.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.micros...rols/en/x86/cli

ent/muweb_site.cab?1187757833968
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP

Download Manager) -

https://h20436.www2....re/HPDEXAXO.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737}

(Windows Live Photo Upload Control) - http://cid-

fa2c1bc762a8eb07.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java

Runtime Environment 1.4.1_02) -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver

Agent ActiveX Control) - http://driveragent.c...driveragent.cab
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7}

(PCPitstop Exam) -

http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: Antiwpa - antiwpa.dll (file missing)
O20 - Winlogon Notify: avldr - C:\WINDOWS\SYSTEM32\avldr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32

\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32

\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-

94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program

Files\Common Files\Apple\Mobile Device

Support\bin\AppleMobileDeviceService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32

\DRIVERS\CDANTSRV.EXE
O23 - Service: Google Updater Service (gusvc) - Google -

C:\Program Files\Google\Common\Google

Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard

Development Company, L.P. - C:\Program

Files\HPQ\shared\hpqwmi.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company,

L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Panda Software Controller - Panda Software

International - C:\Program Files\Panda Security\PsCtrls.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) -

Panda Software - C:\Program Files\Common Files\Panda

Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software

International - C:\Program Files\Panda Security\pavsrv51.exe
O23 - Service: Panda IManager Service (PSIMSVC) - Panda

Software International - C:\Program Files\Panda

Security\PsImSvc.exe

Sincerely,
leaofhb/ Hbtomboy@hotmail.com

[little eagle]

Run - ATF Cleaner instructions here.

----------------


Then download Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform FULL SCAN, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

----------------------------

Reboot and rescan with HiJackThis and post a new log here.
Describe how your computer behaves at the moment.
Also in notepad click format and make sure word wrap is unchecked.

[little eagle]

Due to inactivity this topic will be closed. If you need help please start a new thread and post a new HJT log