thnall1a.exe [RESOLVED]


  • This topic is locked

#16
Snickets

    Visiting Staff

  • Member
  • 425 posts
Hello keisukey,

1. Run HijackThis scan only and place a check beside each of the following.
Optional Removals-
Fixing them here will not prevent you from opening them manually as needed. Your choice to fix based on your needs:
O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
(Description: Logitech Image Studio system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
(Description: Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information. This one constantly "phones home" and wastes resources.)

O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
(Description: Installed with Verizon DSL accounts. IP Insight is a Quality of Service monitor and diagnostic tool that isn't required - see here for more information )

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
(Description: System Tray icon for the Realtek AC97 Audio Sound Manager for AC97 onboard audio. Available via Start -> Settings-> Control Panel. Removing this entry will free up a small amount of system resources. )

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
(Description: A small program that reminds you to register your Creative Labs product (i.e. sound card, video card). Unnecessary. Removing this will free up a small amount of system resources.)

O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
(Description: Sun Java update scheduler. Checks for updates. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
(Description: Nvidia system tray applet. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
(Description: Logitech Desktop Manager. Searches for updates for Logitech software. Not necessary. Removing this entry will free up a small amount of system resources.)

O4 - HKCU\..\Run: [LDM] \Program\
(Description: Logitech Desktop Messenger, which will once a week automatically check for software upgrades, new products, services, and special offerings from Logitech. This item has the ability to collect personal information about the user and removal is suggested.)

O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)

O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
(Description: Logitech Desktop Manager. Searches for updates for Logitech software. Removing this entry will free up a small amount of system resources.)

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
(Description: Microsoft Office startup assistant. Not necessary. Removing this entry will free up a significant amount of system resources.)


After checking these entries CLOSE ALL open windows [browsers and programs] EXCEPT HijackThis and click "Fix Checked."

2. Reboot your computer now.

3. Once back in normal mode please run a new hijack this scan and paste the results back into this thread for me to review.

4. Please let me know how your system is running and if there are any more issues that need to be addressed.

Thank you,

Snickets

:tazz:
#17
keisukey

    Member

  • Topic Starter
  • Member
  • 24 posts
Logfile of HijackThis v1.99.1
Scan saved at 11:54:46 PM, on 8/20/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Keisuke\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582565489
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

So, what does the O18 stuff indicate in this log? It shows up whenever I click on "Scan" again after I scan the first time. It mentions something about hijack...
Logfile of HijackThis v1.99.1
Scan saved at 12:08:57 AM, on 8/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPYWAR~1\SPYWAR~1.EXE
C:\Program Files\Yahoo!\Antivirus\ISafe.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Yahoo!\Antivirus\VetMsg.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\WinPatrol\winpatrol.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\Program Files\Yahoo!\Antivirus\CAVTray.exe
C:\Program Files\Yahoo!\Antivirus\CAVRID.exe
C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe
C:\Program Files\ProtoWall\ProtoWall.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trillian\trillian.exe
C:\Documents and Settings\Keisuke\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\AdobeAcrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_6_2_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\Yahoo!\Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\Yahoo!\Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] 1
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\ProtoWall\ProtoWall.exe
O4 - Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: SBC Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.c.../NowStarter.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - http://files.member....s/sbc/yinst.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1120582565489
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo....plorer1_9us.cab
O18 - Protocol: about - {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: cdl - {3DD53D40-7B8B-11D0-B013-00AA0059CE02} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D}
O18 - Protocol: dvd - {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\System32\msvidctl.dll
O18 - Protocol hijack: file - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol hijack: ftp - {79EAC9E3-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: gopher - {79EAC9E4-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol hijack: its - {9D148291-B9C8-11D0-A4CC-0000F80149F6}
O18 - Protocol: javascript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol hijack: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF}
O18 - Protocol: local - {79EAC9E7-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: mailto - {3050F3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: mhtml - {05300401-BCBC-11D0-85E3-00C04FD85AB4} - C:\WINDOWS\System32\inetcomm.dll
O18 - Protocol hijack: mk - {79EAC9E6-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: ms-its - {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\System32\itss.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
O18 - Protocol: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol hijack: tv - {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E}
O18 - Protocol: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\System32\mshtml.dll
O18 - Protocol: vnd.ms.radio - {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\System32\msdxm.ocx
O18 - Protocol hijack: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE}
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\ISafe.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\Yahoo!\Antivirus\VetMsg.exe

So could I be sure that there is no more Aurora/VX2 malware on my computer?

Oh, I've had a problem for about a year now, but it's very minor, and I'm not sure if it's because of malware.
Whenever I opened up Control Panel, it would freeze my computer for a couple of seconds, and then my desktop and toolbar would disappear for an instant and everything would be back to normal, but I could never get Control Panel open. This is easily solved by locating wuaucpl.cpl in the system32 folder and changing the extension to .cpb. This allows me to open Control Panel without any problem, and I occasionally switch the extension back to .cpl to install some Windows updates. So I'm just curious if there was any way to solve this, although it's not a very big issue, since I'm not a paranoid guy who's worried about having Automatic Updates on.
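A small triage helper for the two scans above and for the O4 entries Snickets listed, added here as an example and not code from the thread or from HijackThis: it parses the O-section lines, diffs a "before" scan against the rescan so only what changed needs attention, and lists the schemes HijackThis marked as "Protocol hijack" so their CLSIDs can be checked against a clean machine rather than fixed blindly. The regexes assume the v1.99.1 line layout shown in the posted logs, and the two scan excerpts are constructed from entries quoted in this thread.

```python
"""HijackThis log triage: parse O-section lines, diff two scans, and list the
schemes flagged as "Protocol hijack".  Added example, not HijackThis code; the
regexes assume the v1.99.1 line layout seen in the posted logs."""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

SECTION = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
# O4 - HKLM\..\Run: [Name] command           (registry Run key autorun)
RUN = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
# O4 - Startup: Name.lnk = C:\path\file.exe   (Startup folder shortcut)
STARTUP = re.compile(r"^(?P<hive>Global Startup|Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# O18 - Protocol[ hijack]: scheme - {CLSID}[ - handler path]
# HijackThis prints "hijack" when the CLSID differs from the one it expects for
# the scheme, and then omits the handler path, so those lines look incomplete.
PROTOCOL = re.compile(
    r"^Protocol(?P<hijack> hijack)?: (?P<scheme>\S+) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]+\}|\(no CLSID\))(?: - (?P<path>.+))?$"
)


@dataclass(frozen=True)
class Entry:
    section: str  # "O2", "O4", "O18", ...
    key: str      # autorun name, protocol scheme, or the raw body for other sections
    value: str    # command line or handler path ("" when HijackThis omits it)
    hijack: bool  # True only for "O18 - Protocol hijack:" lines
    raw: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an O-section line; None for headers and the process list."""
    line = line.strip()
    m = SECTION.match(line)
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "O4":
        r = RUN.match(body) or STARTUP.match(body)
        if r:
            return Entry(section, r.group("name"), r.group("cmd"), False, line)
    elif section == "O18":
        p = PROTOCOL.match(body)
        if p:
            return Entry(section, p.group("scheme"), p.group("path") or "",
                         p.group("hijack") is not None, line)
    return Entry(section, body, "", False, line)


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def diff_scans(before: str, after: str) -> Tuple[List[Entry], List[Entry]]:
    """(entries gone after the fix, entries that first appear on the rescan)."""
    old = {e.raw: e for e in parse_log(before)}
    new = {e.raw: e for e in parse_log(after)}
    removed = [e for raw, e in old.items() if raw not in new]
    added = [e for raw, e in new.items() if raw not in old]
    return removed, added


def hijacked_schemes(text: str) -> List[str]:
    """Schemes HijackThis flagged; compare each CLSID with a clean machine before fixing."""
    return [e.key for e in parse_log(text) if e.section == "O18" and e.hijack]


# Constructed excerpts: BEFORE uses entries from Snickets' optional-removal list,
# AFTER uses entries from keisukey's rescan that produced the O18 lines.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe

O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O18 - Protocol hijack: http - {79EAC9E2-BAF9-11CE-8C82-00AA004BA90B}
O18 - Protocol: https - {79EAC9E5-BAF9-11CE-8C82-00AA004BA90B} - C:\WINDOWS\system32\urlmon.dll
O18 - Protocol: msdaipp - (no CLSID) - (no file)
O18 - Protocol hijack: res - {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
"""

if __name__ == "__main__":
    removed, added = diff_scans(BEFORE, AFTER)
    print("Gone after Fix Checked:")
    for e in removed:
        print("   ", e.raw)
    print("New on the rescan:")
    for e in added:
        print("   ", e.raw)
    print("Flagged schemes to verify:", hijacked_schemes(AFTER))
```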

#18
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there Keisukey :)

Firstly, I would like to thank Snickets for stepping in here during my absence, great job mate. :tazz:

Keisukey, the log looks good. Don't worry about the references in the second log, those entries are legit :) .

Just to be sure, I would like you to run this online scan as a check that we have got rid of everything.

Panda ActiveScan <<< Accept default settings, save and post the log.

Also, please tell me how your PC is running now in your next post.

Regarding the issue with control panel, I will ask some of my colleagues about it as I have not come across this before.

UKBiker

#19
keisukey

    Member

  • Topic Starter
  • Member
  • 24 posts
Incident Status Location

Spyware:spyware/media-motor No disinfected Windows Registry


Well, it seems I have this minor spyware, but other than that my PC is working fine... I'm not too worried about the Control Panel issue...

#20
Justin

    I do a little bit of everything

  • Member
  • 2,353 posts
Hello!

My name is Jfcap, and I will be helping you until UKBiker gets back.

He had to go out of town, so he asked me to step in for him. Let's run a scan that will tell us if there is anything bad on your computer.

Please Download the MWAV Scanner from Here

Unzip it to its predetermined Directory (C:\Kaspersky)

Locate "kavupd.exe" in the New Folder and Double Click to Update!

If it says the signatures are more than 30 days old, keep trying!
Keep trying until you get the actual signatures!

When you see "Updates downloaded Successfully"

Please Press Enter to Continue!

It should open automatically. Leave the "Default Settings" ticked and add a tick to "Drives"; this will light up "All Drives". Click "Scan Clean" to begin!

This Scan will take Several Hours or more to Complete, Depending on the Hard Drive Size!

Please be sure it is Completed before proceeding!

Once the Scan has finished, All entries Identified as Infected will be displayed in the lower pane!

Highlight everything that is inside the lower pane and press Ctrl+C at the same time to Copy!

Open a Blank Notepad Page and Paste the results (Ctrl+V) to it!

Post those results back here!

#21
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi Keisukey

Regarding the issue with your Control Panel:
One of my colleagues has suggested this fix, which he used successfully on a similar problem.

Many thanks to John-L and Miekiemoes

Create a folder on your desktop called Sysclean.
Go to http://www.trendmicr...wnload/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Read here how to unzip/extract properly:
http://metallica.gee...xplanation.html
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the Sysclean folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, open your sysclean-folder and copy and paste the contents of sysclean.log in your next reply.

UKBiker

#22
keisukey

    Member

  • Topic Starter
  • Member
  • 24 posts
eScan Anti-virus Toolkit Utility

File C:\Documents and Settings\Keisuke\Application Data\Microsoft\Office\Recent\Le Benediction Final.doc.LNK infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Keisuke\My Documents\SCHOOL\04-05\Le Benediction Final.doc infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\Documents and Settings\Keisuke\Recent\?Gno+|.lnk infected by "BkCln.Unknown" Virus. Action Taken: File Renamed.
File C:\System Volume Information\_restore{1F43FF7F-FC59-4AC5-994B-440C67FF85B7}\RP1\A0000073.exe infected by "Trojan.Win32.StartPage.abu" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{1F43FF7F-FC59-4AC5-994B-440C67FF85B7}\RP6\A0000305.exe tagged as not-a-virus:AdWare.WeirWeb.b. No Action Taken.
File C:\System Volume Information\_restore{1F43FF7F-FC59-4AC5-994B-440C67FF85B7}\RP6\A0000404.exe tagged as not-a-virus:RiskTool.Win32.Processor.20. No Action Taken.

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-08-31, 07:49:41, Auto-clean mode specified.
2005-08-31, 07:49:41, Running scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\TSC.BIN"...
2005-08-31, 07:51:35, Scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\TSC.BIN" has finished running.
2005-08-31, 07:51:35, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 1)

Start time : Wed Aug 31 2005 07:49:44

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Keisuke\Desktop\Sysclean\tsc.ptn" (version 640) [success]

Complete time : Wed Aug 31 2005 07:51:35
Execute pattern count(4262), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-08-31, 07:52:41, An error occurred while scanning file "C:\Documents and Settings\Keisuke\ntuser.dat": Access is denied.
2005-08-31, 07:52:41, An error occurred while scanning file "C:\Documents and Settings\Keisuke\ntuser.dat.LOG": Access is denied.
2005-08-31, 07:54:22, An error occurred while scanning file "C:\Documents and Settings\Keisuke\Application Data\Mozilla\Firefox\Profiles\pd07cy7y.default\parent.lock": Access is denied.
2005-08-31, 08:31:10, An error occurred while scanning file "C:\Documents and Settings\Keisuke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-31, 08:31:10, An error occurred while scanning file "C:\Documents and Settings\Keisuke\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-31, 08:31:22, An error occurred while scanning file "C:\Documents and Settings\Keisuke\Local Settings\Temp\Perflib_Perfdata_5b8.dat": Access is denied.
2005-08-31, 08:49:41, An error was detected on "C:\Documents and Settings\Keisuke\My Documents\Music\堂本剛\o_uOA ̄_W\*.*": The system cannot find the path specified.
2005-08-31, 08:51:18, An error was detected on "C:\Documents and Settings\Keisuke\My Documents\Music\後藤真希\後藤真希 (サン・トワ・マミー)\*.*": The system cannot find the path specified.
2005-08-31, 08:53:33, An error was detected on "C:\Documents and Settings\Keisuke\My Documents\Music\???\*.*": The filename, directory name, or volume label syntax is incorrect.
2005-08-31, 09:36:41, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-08-31, 09:36:41, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-31, 09:36:42, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-31, 09:52:55, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-250E3836.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32INFO.EXE-20AA1B1F.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-1601D392.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AIM.EXE-061FD532.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTODOWN.EXE-2C37F50E.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\BLOCKMGR.EXE-1430B603.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\BSPLAYER.EXE-0D1E10B3.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\BTDOWNLOADGUI.EXE-2EF8091C.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CAFIX.EXE-2E051AA8.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CAVRID.EXE-24249A36.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CAVTRAY.EXE-0EA4C0F3.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CFD.EXE-3580EFD4.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTSYSVOL.EXE-159F2B9E.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DMADMIN.EXE-00BCB146.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DMREMOTE.EXE-2F82CB90.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DRWTSN32.EXE-2B4B52AC.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Access is denied.
2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\EM_EXEC.EXE-21B4F4A4.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\EXCEL.EXE-2C971FD7.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-17EE503B.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-2961174D.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAGEDRIVE.EXE-1C0529A4.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IMEKRMIG.EXE-3B39C898.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IMJPMIG.EXE-03882F7A.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\IMSCINST.EXE-009A1717.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\ISSTART.EXE-04E9E452.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\ITOUCH.EXE-0DDF2B56.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNES.EXE-1A268432.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\ITUNESHELPER.EXE-15823303.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVSS.EXE-0A3BB3E9.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVSS.EXE-254446FC.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\KAVUPD.EXE-186A5266.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LDMCONF.EXE-2E2A6E1D.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LIMEWIRE.EXE-1944953E.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGITRAY.EXE-22C68076.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGI_MWX.EXE-1B741F45.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\LVCOMS.EXE-23290495.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MAD.EXE-039C0EAC.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MATCLI.EXE-0688E200.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MOTIVESB.EXE-012D78D1.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MOTIVE~1.EXE-34114D40.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MPBTN.EXE-3A3D8BAB.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MSPMSPSV.EXE-159858D5.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAV.EXE-072161FB.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAVSCAN.COM-0F47BE34.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\MWAVSCAN.COM-1C78A0E8.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-3255A225.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-189578DA.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\NWIZ.EXE-2D0F9FBC.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\OPENME.EXE-1B0311C6.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\OSA.EXE-2CD63980.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\PLAYCD.EXE-3B63C56F.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\PRINTSCREEN.EXE-169D6072.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\PROTOWALL.EXE-19140F63.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RECORDNOW.EXE-047F8E82.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-25EEFE2F.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-15E942E0.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1C320F03.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2D59088D.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-408E4ABB.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5A9D78.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNONCE.EXE-2803F297.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP_WM.EXE-3135CBD6.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SGTRAY.EXE-2681711E.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1344276B.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SS.EXE-332E2501.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-2CFDE3DA.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-041F4E9D.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\TFSWCTRL.EXE-360FB39A.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\TINTSETP.EXE-39BF0732.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\TRILLIAN.EXE-22797338.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-2F37482C.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\UNNERO.EXE-1779D5BB.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\UNNERO.EXE-1A10623C.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\VETMSG.EXE-31330AB6.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\VIRTUALDUB.EXE-0CECBCDE.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\VLC.EXE-0F625A12.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WDFMGR.EXE-2CF4013B.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WINMX.EXE-030ACAC8.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WINPATROL.EXE-2309BC07.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-39C6DAD9.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA0.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-18DDEFA5.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WP.EXE-14336AE8.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WRSSSDK.EXE-053DAB7A.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\YCOMMON.EXE-0BCDC1E4.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\YOP.EXE-344A80E6.pf": Access is denied.
2005-08-31, 09:57:12, Could not set file for reading on "C:\WINDOWS\Prefetch\YPSR.EXE-01FF0F16.pf": Access is denied.
2005-08-31, 09:57:12, Could not set file for reading on "C:\WINDOWS\Prefetch\YUM.EXE-3B7F05FD.pf": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-08-31, 09:59:41, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-08-31, 09:59:41, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-08-31, 10:02:13, Running scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN"...
2005-08-31, 10:59:29, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 10:02:17
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

99496 files have been read.
99496 files have been checked.
84279 files have been scanned.
143522 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 10:59:29
---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 10:59:29, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 10:02:17
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

99496 files have been read.
99496 files have been checked.
84279 files have been scanned.
143522 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 10:59:29 57 minutes 10 seconds (3429.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 10:59:29, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 10:02:17
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

99496 files have been read.
99496 files have been checked.
84279 files have been scanned.
143522 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 10:59:29 57 minutes 10 seconds (3429.61 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 10:59:29, Scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-08-31, 11:24:41, An error was detected on "D:\System Volume Information\*.*": Access is denied.
2005-08-31, 11:56:17, Running scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN"...
2005-08-31, 11:56:34, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 11:56:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

282 files have been read.
282 files have been checked.
263 files have been scanned.
263 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 11:56:34
---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 11:56:34, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 11:56:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

282 files have been read.
282 files have been checked.
263 files have been scanned.
263 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 11:56:34 14 seconds (13.88 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 11:56:34, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/31/2005 11:56:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 811 (107240 Patterns) (2005/08/30) (281100)
Command Line: C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Keisuke\Desktop\Sysclean

282 files have been read.
282 files have been checked.
263 files have been scanned.
263 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/31/2005 11:56:34 14 seconds (13.88 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-31, 11:56:34, Scanner "C:\Documents and Settings\Keisuke\Desktop\Sysclean\VSCANTM.BIN" has finished running.
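The Sysclean log pasted above is almost entirely "Access is denied" noise, and the three report blocks per drive repeat the same counters, so the one line that matters (how many files were actually scanned and whether anything was found) is easy to miss. The parser below is an added example for this thread; it is not part of the original post and not Trend Micro's tooling. The line formats are inferred from the log as shown in the thread, the `SAMPLE_LOG` is a constructed fragment in that format (not the poster's real log), and the `LIVE_HIVES` set is an assumption about which files under `system32\config` a live scan cannot open.

```python
# Summarise a Trend Micro Sysclean (VSCANTM) log of the kind pasted above.
# Added example: not from the thread and not Trend Micro code. Formats are
# inferred from the visible log lines:
#   event lines:   "YYYY-MM-DD, HH:MM:SS, <message>"
#   report blocks: start with "Files Detected:", "Files Clean:" or "Clean Fail:"
#                  and carry "N files have been ..." counters.
import re
from collections import Counter

EVENT_RE = re.compile(r'^(\d{4}-\d{2}-\d{2}), (\d{2}:\d{2}:\d{2}), (.*)$')
SECTION_RE = re.compile(
    r'^\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2}, (Files Detected|Files Clean|Clean Fail):$')
DENIED_RE = re.compile(r'"([A-Za-z]:\\[^"]*)": Access is denied\.$')
CMDLINE_RE = re.compile(r'^Command Line: .*?/ACTIVEACTION=\d+ (\S+?)\*\.\*(?:\s|$)')
COUNTER_RE = re.compile(
    r'^(\d+) files have been (read|checked|scanned)\.( \(including files in archived\))?$')
VIRUS_RE = re.compile(r'^Found (\d+) viruses totally\.$')

# Assumption: registry hive files held open by the running kernel. "Access is
# denied" on these during an online scan is expected, not a finding.
LIVE_HIVES = {'SAM', 'SECURITY', 'software', 'system', 'default'}


def parent_dir(path):
    # 'C:\WINDOWS\Prefetch\FOO.pf' -> 'C:\WINDOWS\Prefetch'
    return path.rsplit('\\', 1)[0]


def summarise(lines):
    """Group denied paths by directory and collect one dict per report block."""
    denied_by_dir = Counter()
    denied_paths = []
    reports = []
    current = None
    for raw in lines:
        line = raw.rstrip('\r\n')
        m = SECTION_RE.match(line)          # test before EVENT_RE: it also matches
        if m:
            current = {'section': m.group(1), 'target': None, 'viruses': None}
            reports.append(current)
            continue
        m = EVENT_RE.match(line)
        if m:
            d = DENIED_RE.search(m.group(3))
            if d:
                denied_paths.append(d.group(1))
                denied_by_dir[parent_dir(d.group(1))] += 1
            continue
        if current is None:
            continue                        # banner text outside any report
        m = CMDLINE_RE.match(line)
        if m:
            current['target'] = m.group(1)  # scan root, e.g. 'C:\' or 'D:\'
            continue
        m = COUNTER_RE.match(line)
        if m:
            key = m.group(2) + ('_incl_archives' if m.group(3) else '')
            current[key] = int(m.group(1))
            continue
        m = VIRUS_RE.match(line)
        if m:
            current['viruses'] = int(m.group(1))
    return {'denied_by_dir': dict(denied_by_dir),
            'denied_paths': denied_paths,
            'reports': reports}


def locked_hives(summary):
    """Registry hives the scanner was denied on; a live scan never sees these."""
    hits = set()
    for path in summary['denied_paths']:
        head, _, name = path.rpartition('\\')
        if head.lower().endswith('\\system32\\config') and name in LIVE_HIVES:
            hits.add(name)
    return sorted(hits)


# Constructed sample in the thread's log format (not the poster's real log).
SAMPLE_LOG = r'''2005-08-31, 09:57:10, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Access is denied.
2005-08-31, 09:57:11, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-08-31, 09:59:40, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-08-31, 09:59:41, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-08-31, 10:02:13, Running scanner "C:\Sysclean\VSCANTM.BIN"...
2005-08-31, 10:59:29, Files Detected:
Command Line: C:\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /ACTIVEACTION=5 C:\*.* /P=C:\Sysclean

99496 files have been read.
99496 files have been checked.
84279 files have been scanned.
143522 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Stop At : 8/31/2005 10:59:29
---------*---------*---------*
2005-08-31, 10:59:29, Scanner "C:\Sysclean\VSCANTM.BIN" has finished running.
'''

if __name__ == '__main__':
    result = summarise(SAMPLE_LOG.splitlines())
    for directory, n in sorted(result['denied_by_dir'].items()):
        print(f'{n:5d} denied under {directory}')
    print('locked hives:', ', '.join(locked_hives(result)))
    for rep in result['reports']:
        print(f"{rep['section']}: target={rep['target']} "
              f"scanned={rep.get('scanned')} viruses={rep['viruses']}")
```

Run it as `python sysclean_summary.py` or feed a real log with `summarise(open('sysclean.log').readlines())`. The grouping by directory makes the shape of the noise obvious (a whole Prefetch folder, the registry hives), and `locked_hives` separates the expected denials on `SAM`, `SECURITY`, `software` and `system` from anything unexpected; those hives can only be scanned from offline boot media, which is worth remembering when a clean live scan is used to declare a box clean.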

#23
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there Keisukey

Did you get the desktop issue sorted with the use of Sysclean?

UKBiker

#24
keisukey

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hmm, nope, I'm still having the same problem with the control panel...

#25
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there :tazz:

Well, your system is free of malware from what I can see; however, I will ask one of my colleagues to have a look regarding the control panel issue.

UKBiker


#26
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there Keisukey :)

Congratulations, your log is clean :tazz: :) :)

I have asked for some help on the control panel issue, but in the meantime, these are the final steps regarding malware.

Just a general clean-up now and we are done.

Now you have to clean out your temporary files and flush your restore points:
  • Start | Run | type cleanmgr | OK
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Flush System Restore.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.

4. Finally, defragment your hard drive.


So now that your PC is clean, how do you keep it that way?

The single most important measure is this: keep your copy of XP fully up to date.

After that, here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or AntiVir, or a shareware version like Norton or Kaspersky, this is a must-have.
  • Firewall <= A firewall is definitely a must-have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer alternatives available. Consider Firefox; however, Opera and SlimBrowser are good as well.
And also see TonyKlein's good advice
Spyware Aid's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

Glad to have been of help

UKBiker

#27
Retired Tech

    Retired Staff

  • Retired Staff
  • 20,563 posts
Click Start, then Run, type sfc /scannow, then press Enter to replace the system files. You need the XP CD, and you get a blue bar; reboot when the bar goes.

#28
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Hi there

Thanks for taking the control panel problem on, Keith.

UKBiker

#29
ukbiker

    Rest in Peace, ukbiker

  • Retired Staff
  • 2,014 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.