SpySheriff, iau.exe, msras.exe, hijacked desktop..



#31
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi mgozalbo

Please read through the instructions before you start (you may want to print this out).

If it is not your internet provider, you should have HJT fix it. All the O17 listings.
195.92.195.95 195.92.195.94
role: RIPE Admin
address: Energis UK
address: Melbourne Street
address: Leeds, LS2 7PS
address: United Kingdom

O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94 <-- Check this before you delete with HijackThis

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94

Click on Fix Checked when finished and exit HijackThis.

Download this scanner - cureit.
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan all your drives, say yes to all.

Post a new Hjt.log when done.

Kc :tazz:
  • 0



#32
mgozalbo

mgozalbo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok, so I think I did what I had to do, although the internet kept trying to connect itself all the time.

I tell HJT to fix the O17 but there is one that keeps appearing
The HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 10:14:09, on 20/08/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Helen\Desktop\MGMAntivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0809&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Belkin 54g Wireless USB Network Adapter (Belkin 54g Wireless USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0
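An added example, not part of the original thread: post #32 reports that the O17 entry "keeps appearing" after the fix requested in post #31, and the follow-up log lists the same two name servers in the opposite order, so a plain line-by-line comparison misses it. The Python below parses HijackThis entries, normalises O17 server lists, and reports which fixed items are still present. The log excerpts are copied from the two posts; the function names and the `192.0.2.53` resolver (a documentation address standing in for the ISP's real resolver) are assumptions.

```python
import re

# Items post #31 asked to tick and fix (copied from the thread).
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94
"""

# Excerpt of the follow-up log in post #32 (copied from the thread, shortened).
NEXT_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 10:14:09, on 20/08/2005
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
"""

# A HijackThis entry line is "<code> - <body>", e.g. "O17 - HKLM\...".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O17 body: "<registry key>: <value name> = <space/comma separated servers>".
O17_RE = re.compile(r"^(?P<key>.+?): (?P<name>\w+) = (?P<val>.*)$")


def parse_entries(text):
    """Return (code, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def normalize(code, body):
    """Comparison key for an entry. O17 server lists are sorted so order is ignored."""
    if code == "O17":
        m = O17_RE.match(body)
        if m:
            servers = tuple(sorted(s for s in re.split(r"[ ,]+", m["val"].strip()) if s))
            return (code, m["key"].lower(), m["name"].lower(), servers)
    return (code, body.strip().lower())


def surviving_entries(fix_text, next_log_text):
    """Entries that were marked for fixing but are still present in the next scan."""
    after = {normalize(c, b) for c, b in parse_entries(next_log_text)}
    return [(c, b) for c, b in parse_entries(fix_text) if normalize(c, b) in after]


def naive_survivors(fix_text, next_log_text):
    """Exact string match, shown for contrast: it misses the reordered O17 line."""
    log_lines = {line.strip() for line in next_log_text.splitlines()}
    return [l.strip() for l in fix_text.splitlines() if l.strip() and l.strip() in log_lines]


def unexpected_nameservers(log_text, expected):
    """O17 NameServer addresses that are not in the resolver set the user expects."""
    found = set()
    for code, body in parse_entries(log_text):
        key = normalize(code, body)
        if code == "O17" and len(key) == 4 and key[2] == "nameserver":
            found.update(key[3])
    return sorted(found - set(expected))


if __name__ == "__main__":
    for code, body in surviving_entries(FIX_LIST, NEXT_LOG):
        print("still present after fix:", code, "-", body)
    # 192.0.2.53 is a placeholder; substitute the resolvers your ISP or router hands out.
    print("resolvers to verify:", unexpected_nameservers(NEXT_LOG, {"192.0.2.53"}))
```

An entry that survives a fix is usually being rewritten by something still running (or by the router or dial-up software itself), so the surviving list is what to chase next rather than fixing the same line again.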

#33
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi mgozalbo

Download WinPFind http://www.bleepingc...er/WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder.

Download Track qoo (TQ.zip) http://www.techsuppo...tachmentid=3761
Save it somewhere you will remember like the Desktop. Unzip the Track qoo.vbs inside to your desktop. DO NOT run it yet!

Safemode

Inside C:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns so please be patient while it works as it can take a while, upwards to 30 minutes or more! Once the scan is complete it will make a txt file (log) of what was found.

1. Go to the WinPFind folder
2. Locate WinPFind.txt
3. Please post those results in your next post!

REBOOT to normal mode.

Double Click on "Track qoo.vbs"

Note - If your antivirus has Script Blocking, you will get a pop-up window asking you what to do. Allow this entire script to run, it's harmless!

Wait a few seconds and a notepad page will pop up, Copy & Paste those results and place them in the next post along with the results of WinPFind!

I need the following tool logs..

WinPFind.txt log
Track qoo.vbs log

Kc :tazz:
  • 0

#34
mgozalbo

mgozalbo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
hello thatman,

I can't download the programmes that you say...the links don't seem to work :tazz:
  • 0

#35
mgozalbo

mgozalbo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
hello? :tazz:
  • 0

#36
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi mgozalbo

Do you live in the UK around the Leeds area?

address: Energis UK <-- Is this your service provider?
address: Melbourne Street
address: Leeds, LS2 7PS
address: United Kingdom

Please post a new HJT.log

Kc :tazz:
  • 0

#37
mgozalbo

mgozalbo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I live in the UK, but not around Leeds. I live in London.

Energis UK is not my service provider.

and the HJT log is:

Logfile of HijackThis v1.99.1
Scan saved at 13:01:57, on 06/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Helen\Desktop\MGMAntivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0809&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Edited by mgozalbo, 06 September 2005 - 06:04 AM.

  • 0

#38
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi mgozalbo

Please read through the instructions before you start (you may want to print this out).

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.c...0809&os=5&src=1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80

Click on Fix Checked when finished and exit HijackThis.

Create a folder on your desktop called Sysclean.
Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Open the sysclean-folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

Post a new HJT.log

Kc :tazz:
  • 0

#39
mgozalbo

mgozalbo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
ok,
the sysclean.log:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-09-06, 14:29:33, Auto-clean mode specified.
2005-09-06, 14:29:33, Running scanner "C:\Documents and Settings\Helen\Desktop\Sysclean\TSC.BIN"...
2005-09-06, 14:29:55, Scanner "C:\Documents and Settings\Helen\Desktop\Sysclean\TSC.BIN" has finished running.
2005-09-06, 14:29:55, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 1)

Start time : Tue Sep 06 2005 14:29:34

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Helen\Desktop\Sysclean\tsc.ptn" (version 644) [success]

Complete time : Tue Sep 06 2005 14:29:55
Execute pattern count(4293), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-09-06, 14:29:55, Could not set file for reading on "C:\gobackio.bin": Access is denied.
2005-09-06, 14:31:12, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2005-09-06, 14:31:12, An error occurred while scanning file "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat": Access is denied.
2005-09-06, 14:31:12, An error occurred while scanning file "C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat": Access is denied.
2005-09-06, 14:32:45, An error occurred while scanning file "C:\Documents and Settings\Helen\NTUSER.DAT": Access is denied.
2005-09-06, 14:32:45, An error occurred while scanning file "C:\Documents and Settings\Helen\ntuser.dat.LOG": Access is denied.
2005-09-06, 14:33:00, An error occurred while scanning file "C:\Documents and Settings\Helen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-09-06, 14:33:00, An error occurred while scanning file "C:\Documents and Settings\Helen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-09-06, 14:33:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-09-06, 14:33:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-09-06, 14:33:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-09-06, 14:33:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-09-06, 14:34:52, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-09-06, 14:34:52, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-09-06, 14:34:52, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-09-06, 14:34:52, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-09-06, 14:38:09, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-1853B83A.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\ADOBE GAMMA LOADER.EXE-2926B5EA.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENTSVR.EXE-260B72BD.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\ALEUPDAT.EXE-00022FFB.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\AUPDATE.EXE-223E3682.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-10E11A7C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\CCSETMGR.EXE-022FAA6A.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1671E52D.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\CWSHREDDER.EXE-14FE5A94.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DIAGENT.EXE-1DBDFC0F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DIRECTCD.EXE-0582AB76.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DRAGDIAG.EXE-160DF160.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWEB-CUREIT.EXE-00FBB52F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWEB-CUREIT.EXE-0B51EF70.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWEB32W.EXE-0DB3677C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DRW_START.EXE-1DA00EF8.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DSENTRY.EXE-28A3C4CF.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-06188867.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-2A1B96AB.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\GBTRAY.EXE-2DACCF3C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-0BD5B31B.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-1AE340DD.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPOAPM08.EXE-183C4864.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPOEVM08.EXE-18AF13A4.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPOSTS08.EXE-06128920.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQFRU07.EXE-06CAA725.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQFRUCL.EXE-1DFB5AF5.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZENG07.EXE-0CEBD9F7.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZSTC07.EXE-15B07549.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-182CAA81.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\INVOKESVC.EXE-3B111345.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-0A1B0F2C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-05B0E49A.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-0620E8B3.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNAPPAU.EXE-0E2A1D33.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\MSOHELP.EXE-04A9D3D1.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-06EAD342.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-214D87DC.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NDETECT.EXE-2DABC14D.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2DAE2DE6.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NSMDTR.EXE-2AE1B2D8.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\NVSVC32.EXE-0756FC6B.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\PCARMDRV.EXE-153A033C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\QCONSOLE.EXE-218832B0.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-1876A1A1.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\QUICKDCF.EXE-2244BD53.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RASAUTOU.EXE-10B4F92F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSHAVE.EXE-17FD6DA6.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RMV.EXE-02F64A62.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-611C9EEE.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6600BC41.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-70B1735E.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-733E50FB.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SBSERV.EXE-01EB0FE7.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-2EFD625D.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SET3.TMP-0B42C468.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-23C2FD36.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SOL.EXE-213C4FA3.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SPIDER.EXE-0B99044C.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\STDIALUP.EXE-03A1D6FF.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-2D5FBD18.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SYMLCSVC.EXE-2CB155BD.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-3B30484D.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-1251B310.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-11C201F8.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDREG.EXE-1FDD8DC3.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-0743FDA9.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WINHLP32.EXE-16D564B3.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-23347E4F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WLANCFGG.EXE-2CB7157A.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WLSERVICE.EXE-1C7DBE08.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Access is denied.
2005-09-06, 14:47:40, Could not set file for reading on "C:\WINDOWS\Prefetch\WORDPAD.EXE-30063FA0.pf": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM": Access is denied.
2005-09-06, 14:49:05, An error occurred while scanning file "C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG": Access is denied.
2005-09-06, 14:50:17, Running scanner "C:\Documents and Settings\Helen\Desktop\Sysclean\VSCANTM.BIN"...
2005-09-06, 15:12:42, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2005 14:50:18
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 821 (107522 Patterns) (2005/09/05) (282100)
Command Line: C:\Documents and Settings\Helen\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Helen\Desktop\Sysclean

54155 files have been read.
54155 files have been checked.
42612 files have been scanned.
78329 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2005 15:12:41
---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-06, 15:12:42, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2005 14:50:18
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 821 (107522 Patterns) (2005/09/05) (282100)
Command Line: C:\Documents and Settings\Helen\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Helen\Desktop\Sysclean

Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\Helen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4430eec2-16fb0fc1.zip,(Dummy.class)
Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\Helen\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv727.jar-7f4d1e78-7bcc4451.zip,(Dummy.class)
54155 files have been read.
54155 files have been checked.
42612 files have been scanned.
78329 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2005 15:12:41 22 minutes 21 seconds (1340.53 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-06, 15:12:42, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 9/6/2005 14:50:18
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 821 (107522 Patterns) (2005/09/05) (282100)
Command Line: C:\Documents and Settings\Helen\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Helen\Desktop\Sysclean

54155 files have been read.
54155 files have been checked.
42612 files have been scanned.
78329 files have been scanned. (including files in archived)
2 files containing viruses.
Found 2 viruses totally.
Maybe 0 viruses totally.
Stop At : 9/6/2005 15:12:41 22 minutes 21 seconds (1340.53 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-09-06, 15:12:42, Scanner "C:\Documents and Settings\Helen\Desktop\Sysclean\VSCANTM.BIN" has finished running.




and the HJT log


Logfile of HijackThis v1.99.1
Scan saved at 15:19:19, on 06/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\Documents and Settings\Helen\Desktop\Sysclean\sysclean.com
C:\Documents and Settings\Helen\Desktop\Sysclean\sysclean.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINDOWS\msagent\AgentSvr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Helen\Desktop\MGMAntivirus\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#40
Guest_thatman_*
Hi mgozalbo

Please download the following program. Use the (Offline Installation).

You can download Sun's newer JVM for Windows at http://java.sun.com/getjava/index.html.
http://www.java.com/...load/manual.jsp Windows (Offline Installation)

Make sure you are offline when you do the following:
When you have downloaded the offline Java, use Windows Add/Remove Programs to uninstall the following: Sun Java

When you have removed the Sun Java program, install the new version.

Download cureit:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drives, hit yes to all.

Reboot.

Post a fresh HiJackThis log once finished.

Kc :tazz:

#41
mgozalbo
OK, here we go. The latest HJT log:


Logfile of HijackThis v1.99.1
Scan saved at 17:17:04, on 06/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jucheck.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Helen\Desktop\MGMAntivirus\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#42
Guest_thatman_*
Hi mgozalbo

That pop-up window you get, can you tell me more about it?

How is the system running now?

Have you tried Internet Explorer yet?

Kc :tazz:

#43
mgozalbo
IE:
I've tried it again and it's still not working.
I click on the icon and the window appears, on the bottom left corner it says "Connecting to site 127.0.0.1" and then the page says "The page cannot be displayed". My homepage in IE is Google.com.

The system is now running very well, no pop-ups appear, but this has happened before: for a while (maybe 30 mins or less) the pop-ups don't appear and then they start; you can get one every two minutes, which is very frustrating. They appear on top of anything that you are working on, although you can keep working without having to close them.

They have different messages; all of them say that the computer has an infection related to MSN Messenger and that I need to download some software from the Internet. The addresses and the infections change with each of the pop-ups.

#44
Guest_thatman_*
Hi mgozalbo

Please CLICK here and go to Save As (in Internet Explorer it's "Save Target As") in order to download DelDomains.inf file. Save it to your desktop.
Now right click on the DelDomains.inf and click on install.

Download the Hoster from here:
http://www.funkytoad...load/hoster.zip
Unzip the file and press "Restore Original Hosts" and press "OK". Exit Program.

Reboot as normal

Now try Internet Explorer.

Kc
:tazz:

#45
mgozalbo
OK, so what I did was:
- downloaded DelDomains.inf with right click and "Save Link As..." (I am using Firefox as my browser, IE is still not working)
- Right click on DelDomains.inf and select "Install" from the menu
- Nothing really happened
- Download hoster.zip
- Unzip hoster.zip
- click on hoster
- press the "Restore Original Hosts" button
- press OK
- Restart computer
- Try IE: it is not working

Did a HJT log, realised that there was again the R1 entry, checked the box and clicked "Fix checked", did a HJT log again and this is what it comes up with: (IE still not working)

Logfile of HijackThis v1.99.1
Scan saved at 18:25:13, on 06/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton GoBack\GBPoll.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton GoBack\GBTray.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Documents and Settings\Helen\Desktop\MGMAntivirus\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Exif Launcher.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton GoBack\GBTray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton GoBack\GBPoll.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0
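
The by-eye comparison of consecutive HijackThis logs in the posts above can be scripted. The following is an added example, not part of the original thread and not HijackThis code: it parses the entry lines, diffs two scans, and flags a ProxyServer value that points at loopback, as the R1 entry in this thread does. The function names and the trimmed sample logs are assumptions made for the illustration.

```python
import ipaddress
import re

# An entry line is "<section> - <body>", e.g. "R1 - ..." or "O17 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

# Constructed excerpts: a handful of lines taken from the two logs in this
# thread (17:17:04 and 18:25:13), trimmed so the example stays short.
SCAN_1717 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=http://127.0.0.1:80
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
"""

SCAN_1825 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - Global Startup: Exif Launcher.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFF7CCFD-47B7-4905-B531-CC9C2D7455C5}: NameServer = 195.92.195.95 195.92.195.94
"""


def parse_entries(log_text):
    """Return [(section, body), ...]; header and process-list lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def proxy_hosts(body):
    """Extract the proxy host(s) from a 'ProxyServer = ...' entry body."""
    if "ProxyServer" not in body or " = " not in body:
        return []
    hosts = []
    for part in body.split(" = ", 1)[1].split(";"):  # http=...;https=...
        target = part.split("=", 1)[-1]              # drop the protocol label
        target = target.split("://", 1)[-1]          # drop an embedded scheme
        host = target.split("/", 1)[0].rsplit(":", 1)[0]  # drop path and port
        if host:
            hosts.append(host.lower())
    return hosts


def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IPv4 literal


def loopback_proxy_entries(entries):
    """R-section entries whose ProxyServer sends browser traffic to this machine."""
    return [(s, b) for s, b in entries
            if s.startswith("R") and any(is_loopback(h) for h in proxy_hosts(b))]


def diff_scans(before, after):
    b, a = set(before), set(after)
    return {"gone": sorted(b - a), "new": sorted(a - b), "unchanged": sorted(a & b)}


if __name__ == "__main__":
    first, second = parse_entries(SCAN_1717), parse_entries(SCAN_1825)
    print("loopback proxy:", loopback_proxy_entries(first))
    for kind, items in diff_scans(first, second).items():
        print(kind, [section for section, _ in items])
```

A flagged entry is a lead to check against what is actually listening on that port, not a verdict; the diff shows which entries a "Fix checked" pass removed and which came back.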





