Yehaaaaaaa! Wonderful, my friend! Thank you so much!
Agrarianmonk, you can't imagine my happiness. I have followed all the steps you recommended and now I am able to run my antivirus and do the updates, something that I couldn't do when the virus was active on the PC.
So it's really wonderful to know that we can count on people like you and forums like yours. Please, if there is anything I can do for you, don't hesitate to ask. My email is:
[personal email edited out - agrarianmonk]
Thanks once again, that thing was driving me crazy.
shayras.
The report and HJT log file:
SDFix: Version 1.26
-------------------
Scan run on:
Tue 09/26/2006
Time:
2:56p
Microsoft Windows 2000 [Version 5.00.2195]
Running from: C:\Documents and Settings\Administrator\Desktop\SDFix
Stage One...
Checking Services...
Name:
-----
DLLHOST
mspcdcom
Path:
----
"C:\WINNT\system\dllhost.exe"
%SystemRoot%\System32\mspcdcom.exe
DLLHOST ... deleted
mspcdcom ... deleted
RpcSssvc ... deleted
Repairing Registry...
Killing PID 452 'wkssvr.exe'
Restoring Default Hosts File...
Stage One Complete
Rebooting!
Stage Two...
Registry Cleaning Finished...
Checking For Malware Files:
--------------------------
C:\WINNT\system32\04785_netapi.exe
C:\WINNT\system32\06028_netapi.exe
C:\WINNT\system32\20514_netapi.exe
C:\WINNT\system32\41406_netapi.exe
C:\WINNT\system32\55860_netapi.exe
C:\WINNT\system32\62175_netapi.exe
C:\WINNT\system32\78530_netapi.exe
C:\WINNT\system32\78866_netapi.exe
C:\WINNT\system32\87552_netapi.exe
C:\WINNT\system\dllhost.exe
C:\WINNT\system32\install.exe
C:\WINNT\system32\mspcdcom.exe
C:\WINNT\system32\wkssvr.exe
Backing Up and Removing any Files Found...
Final Check:
Remaining Services:
------------------
Remaining Files:
--------------
*Any removed Files are saved in the SDFix\backups Folder*
*FINISHED*
Logfile of HijackThis v1.99.1
Scan saved at 3:02:46 PM, on 9/26/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\System32\termsrv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Compaq\vcagent\vcagent.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\compaq\hpdiags\hpdiags.exe
C:\WINNT\System32\llssrv.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
C:\WINNT\System32\snmp.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\RealVNC\VNC4\WinVNC4.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
C:\WINNT\System32\CpqRcmc.exe
C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
C:\WINNT\system32\Dfssvc.exe
C:\WINNT\System32\msdtc.exe
C:\WINNT\System32\sysdown.exe
C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
C:\WINNT\cluster\resrcmon.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\notepad.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.43.4:3128
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\RunServices: [google] google.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O16 - DPF: {00134F72-5284-44F7-95A8-52A619F70751} (ObjWinNTCheck Class) - https://192.168.100....ll/WinNTChk.cab
O16 - DPF: {08D75BB0-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupINICtrl Class) - https://192.168.100....ll/setupini.cab
O16 - DPF: {08D75BC1-D2B5-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment SetupCtrl Class) - https://192.168.100....stall/setup.cab
O16 - DPF: {35C3D91E-401A-4E45-88A5-F3B32CD72DF4} (Encrypt Class) - https://192.168.100....html/AtxEnc.cab
O16 - DPF: {5EFE8CB1-D095-11D1-88FC-0080C859833B} (OfficeScan Corp Edition Web-Deployment ObjRemoveCtrl Class) - https://192.168.100..../RemoveCtrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = OKSIJEN
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AF4895B-CA3F-4791-859C-1E80B3331301}: NameServer = 213.137.128.73,213.137.128.74
O18 - Protocol: hpapp - {24F45006-5BD9-41B7-9BD9-5F8921C8EBD1} - C:\Program Files\Compaq\Cpqacuxe\Bin\hpapp.dll
O20 - AppInit_DLLs: RPCRT3.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP Insight NIC Agent (CpqNicMgmt) - Hewlett-Packard Company - C:\WINNT\System32\CPQNiMgt\cpqnimgt.exe
O23 - Service: Compaq Remote Monitor Service (CpqRcmc) - Compaq - C:\WINNT\System32\CpqRcmc.exe
O23 - Service: HP Version Control Agent (cpqvcagent) - Hewlett-Packard Company - C:\Compaq\vcagent\vcagent.exe
O23 - Service: HP Insight Web Agent (CpqWebMgmt) - HP Corporation - C:\WINNT\System32\CPQMgmt\cpqwmgmt.exe
O23 - Service: HP Insight Foundation Agent (CqMgHost) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgHost\cqmghost.exe
O23 - Service: HP Insight Server Agents (CqMgServ) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgServ\cqmgserv.exe
O23 - Service: HP Insight Storage Agents (CqMgStor) - Hewlett-Packard Company - C:\WINNT\System32\CPQMgmt\CqMgStor\cqmgstor.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: HP Insight Diagnostics (hpdiags) - Unknown owner - C:\compaq\hpdiags\hpdiags.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Secure Path Agent (SecurePathAgent) - Hewlett Packard Corporation - C:\Program Files\Compaq\SecurePath\Agent\SecurePathAgent.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: HP ProLiant System Shutdown Service (sysdown) - Compaq Computer Corporation - C:\WINNT\System32\sysdown.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Edited by agrarianmonk, 26 September 2006 - 11:49 AM.