#1
Hi all, was in hospital a few days and when I returned found out son had added and removed lots of stuff (he is now in quarantine). Have run SaS and a-squared in safe mode, also a virus scan. I just don't know if I should remove anything from the HijackThis scan? XP Pro SP2. Thanks, here's the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:17:18, on 29-08-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\WINDOWS\system32\IoCtlSvc.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\WINDOWS\Explorer.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programas\Panda Software\Panda Internet Security 2007\ApvxdWin.exe
D:\WinPatrol\winpatrol.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\WINDOWS\SYSTEM32\LVCOMSX.EXE
C:\WINDOWS\SYSTEM32\cidaemon.exe
C:\PROGRAMAS\EZ-DUB\EZ-DUB.EXE
E:\a-squared Free\a2service.exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programas\IE7Pro\IE7Pro.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O3 - Toolbar: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCRtim e.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Search -
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4E8A3661-FB5B-4AEF-BF60-B0E9712FAE49} (Silverwire Image Uploader 3.0 Control) - http://www.fotowire.com/download/cli...eUploader3.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182530546718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{5CE1DED3-F082-4619-B898-1811199FF6D8}: NameServer = 212.55.154.174
O20 - Winlogon Notify: !SASWinLogon - D:\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - E:\a-squared Free\a2service.exe
O23 - Service: NBService - Nero AG - E:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoCtlSvc.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PsImSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programas\Ficheiros comuns\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7841 bytes
#2
Hi, somebody please answer, I don't know what to do? Is this log clean?
#3
I just got here. Working on it.
#4
Thanks much, evilfantasy!
#5
Open HJT and select Do a system scan only.

Remember do not click Fix checked until you have closed all windows including this one!

Place a checkmark next to

O8 - Extra context menu item: &Search -

Remember close all windows and click Fix checked.

Restart the computer and let me know how things are now.

Is your Panda Security Paid, Trial or other? This is important!!!!

Is the WinPatrol Paid, Trial or other? This is important!!!

Uninstall a-squared free. This is an advanced tool and should not be used as a regular tool. Much damage can be done by a-squared if not VERY careful!

Let me know how things are now.
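Added example (not part of the thread and not HijackThis code): a small Python parser for the log format posted in #1. It lists entries whose last field is blank, like the O8 line selected above, and groups CLSIDs registered under more than one section code so every hook point of one component is reviewed together. SAMPLE_LOG holds a few lines copied from that log; the function names are this example's own.

```python
import re
from collections import defaultdict

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry body.
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Constructed sample: a subset of the entries from the log in post #1.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R3 - URLSearchHook: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programas\IE7Pro\IE7Pro.dll
O2 - BHO: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O3 - Toolbar: World_Tv_Center toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O4 - HKLM\..\Run: [WinPatrol] D:\WinPatrol\winpatrol.exe
O8 - Extra context menu item: &Search -
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
"""

def parse_entries(text):
    """Return (section_code, body) for each registry/hook entry; skip header and process lines."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2).rstrip()))
    return entries

def blank_targets(entries):
    """Entries whose final ' - ' separated field is empty (name present, nothing behind it)."""
    return [(code, body) for code, body in entries if body.endswith(" -")]

def shared_clsids(entries):
    """Map each CLSID seen under more than one section code to those codes."""
    seen = defaultdict(set)
    for code, body in entries:
        for guid in CLSID.findall(body):
            seen[guid.lower()].add(code)
    return {g: sorted(codes) for g, codes in seen.items() if len(codes) > 1}

if __name__ == "__main__":
    parsed = parse_entries(SAMPLE_LOG)
    print("blank target:", blank_targets(parsed))
    print("multi-section CLSIDs:", shared_clsids(parsed))
```

The output is a review list, not a verdict: an entry appearing in it still has to be identified before anything is fixed.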
#6
THANKS evilfantasy! So far so good!

Panda is paid for, waiting for subscription to run out.

WinPatrol is free!

When the time comes (in about 6 months) will be buying my own PC and then getting all the advice I need from this great forum! (You know, what to install and stuff.)

THANKS very much evilfantasy! For now I will keep learning the basics.

ONCE AGAIN THANKS!
#7
OK, I don't know if I have had you download and use CCleaner yet but this would be a good time to do so. Use the default options.

If you do not have CCleaner please install it. Here

Once CCleaner is open use the default options and click Analyze and it will show a log of what will be removed.

Next click Run Cleaner to remove everything.

Next on the upper left of CCleaner select the Issues tab.

Next click Scan For Issues.

Next click Fix selected issues. It will prompt you to make a backup. For the first run I would suggest doing so.

Safe Surfing.
#8
One more thing. Spybot had a pretty big update last night. Did you check for updates before the scan? Also update the immunize feature.