#1
| Hi everyone, it has been a while, was in the hospital 2 weeks. My family decided to surprise me and that they did! They added some new programs! OK, here is my problem. I am running Panda Platinum security, which has its own antispyware program. Family decided to add BO Clean, Spyware Blaster, Spyware Terminator with real time protection, AVG Antispyware 7.5 also with real time protection. I also have on demand scanners Ad-Aware, Spybot (Tea Timer off) and a-squared. When I got home ran scanners and found 17 trojans and some adware junk. I am now worried I might be hijacked. Can somebody take a look please.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:38:57, on 02-10-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AVENGINE.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe
C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\a-squared Free\a2service.exe
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\psimsvc.exe
C:\Programas\SiteAdvisor\6172\SAService.exe
C:\Programas\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE
C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
C:\Programas\BillP Studios\WinPatrol\WinPatrol.exe
C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Programas\Panda Software\Panda Internet Security 2007\SRVLOAD.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\WebProxy.exe
C:\PROGRAMAS\SITEADVISOR\6172\SITEADV.EXE
C:\Programas\Panda Software\Panda Internet Security 2007\PavBckPT.exe
C:\Programas\uTorrent\uTorrent.exe
C:\Programas\Bowlfish\eMule.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
R3 - URLSearchHook: WorldTV Bar Toolbar - {44c0b463-5a8a-452c-8e72-dc751dac6ec1} - C:\Programas\WorldTV_Bar\tbWorl.dll
R3 - URLSearchHook: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O2 - BHO: IE7Pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programas\IE7Pro\IE7Pro.dll
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Ficheiros comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Programas\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O2 - BHO: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programas\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Programas\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: World Tv Center Toolbar - {e077da94-6314-41f1-9f08-6607df65952e} - C:\Programas\World_Tv_Center\tbWor1.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [APVXDWIN] "C:\Programas\Panda Software\Panda Internet Security 2007\APVXDWIN.EXE" /s
O4 - HKLM\..\Run: [SCANINICIO] "C:\Programas\Panda Software\Panda Internet Security 2007\Inicio.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programas\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [BOC-425] C:\PROGRA~1\Comodo\CBOClean\BOC425.exe
O4 - HKLM\..\Run: [WinPatrol] "C:\Programas\BillP Studios\WinPatrol\WinPatrol.exe"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programas\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: DSLMON.lnk = C:\Programas\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programas\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open in new background tab - res://C:\Programas\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/229?23e13882b2f34d2fb527e50edfede195
O8 - Extra context menu item: Open in new foreground tab - res://C:\Programas\Windows Live Toolbar\Components\en-us\msntabres.dll.mui/230?23e13882b2f34d2fb527e50edfede195
O9 - Extra button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programas\IE7Pro\IE7Pro.dll
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - http://cdn.scan.onecare.live.com/res...scbase8300.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1189781903812
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEDA096-3520-470A-9F4F-E70844D02643}: NameServer = 212.55.154.174
O20 - Winlogon Notify: !SASWinLogon - C:\Programas\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Programas\a-squared Free\a2service.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Programas\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programas\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BOCore - Unknown owner - (no file)
O23 - Service: NBService - Nero AG - C:\Programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programas\Ficheiros comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: AOpen Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Panda Software Controller - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PsCtrls.exe
O23 - Service: Panda Function Service (PAVFNSVR) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\PavFnSvr.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software International - C:\Programas\Ficheiros comuns\Panda Software\PavShld\pavprsrv.exe
O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\pavsrv51.exe
O23 - Service: Panda Antispam Engine (pmshellsrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\AntiSpam\pskmssvc.exe
O23 - Service: Panda Host Service (PSHost) - Panda Software International - c:\programas\panda software\panda internet security 2007\firewall\PSHOST.EXE
O23 - Service: Panda IManager Service (PSIMSVC) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\psimsvc.exe
O23 - Service: Serviço SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Programas\SiteAdvisor\6172\SAService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programas\Spyware Terminator\sp_rsser.exe
O23 - Service: Panda TPSrv (TPSrv) - Panda Software International - C:\Programas\Panda Software\Panda Internet Security 2007\TPSrv.exe

-- End of file - 10407 bytes

PS sorry about spelling mistakes, must be the medication LOL |
#2
| Hello Vic. Hope everything is going well. I will have a look at the log and get back to you in a few. |
#3
| Thanks very much evilfantasy. And yes starting to feel better. |
#4
| It is 4 in the morning here, I need some sleep, will be back at 8 in the morning. Promise not to do anything till I hear from you. Thanks very much for your time and help. |
#5
| Go to C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
Delete this whole file.
============
Now go to C:\Programas\Trend Micro\HijackThis\HijackThis.exe
Right click HijackThis.exe and select Rename. Name it Analyze.exe and press enter.
============
Is this your internet provider? PT.COM - COMUNICACOES INTERACTIVAS S.A
============
You look to be clean. Actually as you have already stated you have a little too much protection. But as long as it is just one antivirus and one firewall there should be no conflicts. You may be slowed down by having so much running. It looks like your security scans removed all that they found. |
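
An added example, not part of the original thread: a small Python triage pass over a HijackThis log that surfaces the kinds of entries the reply above acts on, namely a process running out of Temporary Internet Files and the O17 NameServer address to check against the ISP, plus entries whose file is missing. The sample lines are copied from the log in post #1; the function names and the temp-path marker list are assumptions made for this example.

```python
import re

# A few lines copied from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
C:\Programas\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.pt/
O17 - HKLM\System\CCS\Services\Tcpip\..\{EBEDA096-3520-470A-9F4F-E70844D02643}: NameServer = 212.55.154.174
O23 - Service: BOCore - Unknown owner - (no file)
-- End of file - 10407 bytes
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "O23 - Service: ..."
# Assumed marker list for this example: folders programs should not run from.
TEMP_MARKERS = ("\\temporary internet files\\", "\\temp\\")
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def parse(log):
    """Split a log into running-process paths and (section code, body) entries."""
    processes, entries, in_processes = [], [], False
    for line in (raw.strip() for raw in log.splitlines()):
        match = ENTRY.match(line)
        if match:
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif line.startswith("--"):
            in_processes = False
        elif in_processes and line:
            processes.append(line)
    return processes, entries

def triage(log):
    """Return (kind, detail) findings that deserve a manual look."""
    processes, entries = parse(log)
    findings = [("process-in-temp", p) for p in processes
                if any(marker in p.lower() for marker in TEMP_MARKERS)]
    for code, body in entries:
        if code == "O17" and "NameServer =" in body:
            findings += [("dns-server", ip)
                         for ip in IPV4.findall(body.split("=", 1)[1])]
        elif body.endswith(("(no file)", "(file missing)")):
            findings.append(("missing-file", f"{code} - {body}"))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind}: {detail}")
```

A finding here is only a prompt for a manual check, such as looking up who owns the DNS server address; it is not a verdict on the entry.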
#6
| Thanks evilfantasy for your reply, but remember I am a newbie! How do I go about doing these requirements? |
#7
| oops pt. com is the provider |
#8
| Took care of hijack log and now is analise.exe, but can't find C documents and settings anywhere. Please help. THANKS |
#9
| Open HijackThis and select "Do a system scan only".
Place a check mark next to C:\Documents and Settings\Fabio\Definições locais\Temporary Internet Files\Content.IE5\GSE4YWAK\HiJackThis[2].exe
Then click Fix checked. |
#10
| Sorry evilfantasy but I cannot find it. Is there a number like 04 or 23 or 06, something I can guide myself with?
Last edited by evilfantasy : 2nd Oct 2007 at 06:58 AM. |
#11
| oops (it is the medication) lol please help! |
#12
| Copy this
Delete everything there. |
#13
| evilfantasy, I also triple checked, I cannot find it. HELP! Please, just one more time! |
#14
| Since it was a temporary file it could be gone now, which is likely. So no worries. |