Hijackthis log [CLOSED]



#1
Basuraman

hello everybody...

here are my problems:

1. Ctrl+alt+delete command doesn't work
2. an "incomplete" file from limewire cannot be deleted...something about "Cannot find specified file, make sure you specify the correct path or file name"
3. 90+ Zip files (800kb+ each) keep coming back after deletion to default limewire "complete" folder even if i already disabled/remove said folder from limewire sharing options.
4. said "complete" folder is invisible from window pane(even if viewing of hidden files is enabled) and can only be accessed by typing location on address bar.
5. Computer restarts when trying to connect to the net using dial-up connection.

other than this my PC seems to work just fine...
it doesn't seem to slow down...
it's clean according to my anti-virus(McAfee) and anti-spyware(Adaware & Spybot) scanners...
however, trojanhunter can't seem to delete one detected trojan file...something about "cannot delete file. the file is archieved"(the location of the file is from a kasparovchessmaster file)

here is my Hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 3:08:37 PM, on 7/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\srv32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Basuraman\Desktop\Leo\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\Lsass.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [KasparovChessmate.exe] C:\PROGRA~1\Alawar\KASPAR~1.EXE /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{166E0D26-196B-4166-903F-FBC158C55EA5}: NameServer = 202.61.82.130 202.61.82.144
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe

thanks everybody :tazz:

Edited by Basuraman, 27 July 2005 - 02:56 PM.


#2
Armodeluxe

Hi Basuraman, welcome to GeeksToGo

You have several viruses/worms on your computer we have to get rid of.

Please download this removal tool from Symantec:

http://securityrespo...er/FixOpsrv.exe

1) Save the file to a convenient location, such as your download folder or the Windows desktop
2) Close all the programs before you run the tool.
3) If you are on a network or have a full-time connection to the Internet, disconnect the computer from the network and the Internet.
4) Double-click the FixOpsrv.exe file to start the removal tool.
5) Click Start to begin the process, and then allow the tool to run.
6) Restart the computer.
7) Run the removal tool again to ensure that the system is clean.

Open HijackThis and click Scan. Put a check next to these entries if they still exist:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\Lsass.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{166E0D26-196B-4166-903F-FBC158C55EA5}: NameServer = 202.61.82.130 202.61.82.144 < this domain corresponds to the url cebu.ph.inter.net by Interdotnet Philippines Inc. if it's not your ISP or doesn't belong to your network, fix it.
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe


Close all other windows other than HijackThis and click Fix Checked.

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Go to Start> Run and type: cmd, click OK.

In the command window that opens type these lines hitting Enter after each line:

sc stop Srv32
sc delete Srv32
exit


Make sure you can view hidden files and folders:

Next click on My Computer.
Go to Tools > Folder Options.
Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and "Hide extensions for known file types."
Now click "Apply to all folders"
Click "Apply" then "OK"

Go to Control Panel Add/Remove Programs and uninstall these if found:(they may not be there)

NavHelper
winupdates


Navigate to and delete these folders and files in bold if found:

C:\WINDOWS\Lsass.exe
C:\Program Files\winupdates
C:\WINDOWS\system32\srv32.exe

Reboot back to normal mode and go here to make an online scan and save the results.

http://www.pandasoft...com/activescan/

Next go here and make a second scan and save the results:

http://housecall.trendmicro.com/

Come back here and post a new log along with the scan results.

Regards,

Armodeluxe

#3
Basuraman

thank you very much sir...

as i was waiting for your reply i ran into an online hijackthis analyzer...
i followed that program's suggestions and it solved problems 1,3,5(i think).
and so I was left w/ problem no.2

i downloaded that removal tool from symantec and I ran it but it crashed when
it got into that file i was talking about in problem no.2
i then proceeded to Hijackthis and fixed whats left of the entries to be removed.
I rebooted into safe mode and tried to run the command you gave me but the command window just flashed for a second and disappeared.
I decided to continue on removing listed files manually.
lsass.exe wasn't there but i got to remove winupdates and srv32.exe

pandasoftware required that i download ActiveX controls but i chose not to because of the size of the file, the speed, and the instability of my internet connection.
i tried trendmicro but i got disconnected a couple of times before the scan even started. if these online scans are really that important then i shall do my best to schedule them at a time where i can avail optimum speed and stability(which is very early in the morning) :tazz:

anyhoo
here is my hijackthis logfile:

Logfile of HijackThis v1.99.1
Scan saved at 1:32:36 PM, on 7/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\McAfee\McAfee VirusScan\VsStat.exe
C:\Program Files\McAfee\McAfee VirusScan\Vshwin32.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\McAfee\McAfee VirusScan\Avconsol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Documents and Settings\Basuraman\Desktop\Leo\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - C:\Program Files\McAfee\McAfee VirusScan\VSCShellExtension.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [KasparovChessmate.exe] C:\PROGRA~1\Alawar\KASPAR~1.EXE /r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: + &Download Express: download this file - C:\Program Files\Download Express\Add_Url.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - file://D:\AUTORUN\Flash\swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.co...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{166E0D26-196B-4166-903F-FBC158C55EA5}: NameServer = 202.61.82.130 202.61.82.144
O23 - Service: AVSync Manager (AvSynMgr) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee VirusScan\Avsynmgr.exe
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe



thanks a lot! ;) you guys are the best!

#4
Armodeluxe

Hi Basuraman

Well that new log looks clean to me now, but that doesn't mean your computer is free of viruses now. Given the instability of your connection, let's try a different method.

Create a folder on your desktop called Sysclean.
Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.
Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.
This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and doubleclick sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, select: 'view log'.
Copy and paste this log in your next reply.

Regards,

Armodeluxe
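
The checks applied by eye in posts #2 and #4, as an added example that is not part of the thread or of HijackThis: it flags log lines where a core Windows process name sits outside its expected folder (the `C:\WINDOWS\Lsass.exe` Run entry) and reports which fix-list entries are still present in the follow-up log. The `EXPECTED_DIR` table and the function names are assumptions for illustration; the sample lines are excerpted from the logs above.

```python
import ntpath
import re

# Expected folder for core Windows process names (assumption: a default
# Windows XP install under C:\WINDOWS, as in the logs in this thread).
EXPECTED_DIR = {
    "lsass.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# "R1 - ...", "O4 - ...", "O23 - ..." lines; everything else is header text.
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")
# A drive-letter path ending in an executable or library extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|com)\b', re.IGNORECASE)


def parse_entries(log_text):
    """Return (section code, body) for every R*/O* line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse whitespace so copies pasted into a reply still compare equal.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def masquerades(log_text):
    """Return (line, expected folder) for system process names found elsewhere."""
    hits = []
    for line in log_text.splitlines():
        for path in PATH_RE.findall(line):
            folder, name = ntpath.split(path)
            expected = EXPECTED_DIR.get(name.lower())
            if expected and folder.lower() != expected:
                hits.append((line.strip(), expected))
    return hits


def fix_status(fix_list_text, later_log_text):
    """Map each fix-list entry to 'gone' or 'still present' in a later log."""
    later = set(parse_entries(later_log_text))
    return {
        entry: ("still present" if entry in later else "gone")
        for entry in parse_entries(fix_list_text)
    }


# Lines excerpted from the 7/27/2005 log posted in #1.
BEFORE_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\srv32.exe
C:\Program Files\winupdates\winupdates.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\Lsass.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe
"""

# Entries excerpted from the fix list in post #2.
FIX_LIST = r"""
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O4 - HKLM\..\Run: [Winlogon] C:\WINDOWS\Lsass.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{166E0D26-196B-4166-903F-FBC158C55EA5}: NameServer = 202.61.82.130 202.61.82.144
O23 - Service: Srv32 - Unknown owner - C:\WINDOWS\system32\srv32.exe
"""

# Lines excerpted from the 7/31/2005 log posted in #3.
AFTER_LOG = r"""
Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{166E0D26-196B-4166-903F-FBC158C55EA5}: NameServer = 202.61.82.130 202.61.82.144
O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
"""

if __name__ == "__main__":
    for line, expected in masquerades(BEFORE_LOG):
        print(f"system process name outside {expected}: {line}")
    for (code, body), state in fix_status(FIX_LIST, AFTER_LOG).items():
        print(f"{state:13} {code} - {body}")
```

An entry reported as still present is not automatically a problem: the O17 instruction in post #2 is conditional on the name servers not belonging to the user's ISP.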

#5
Basuraman

dear Armodeluxe

I'm sorry it took me a long time to reply. I've been really busy with school so I really had a hard time er... waking up very early in the morning to do the downloads ;)

but before anything else I got to finally move out the "dead file" i was talking about in Problem no.2. I was able to run the "wormkiller" program and it said i was clean. But now I've got another problem. While surfing the net, I'd often find my mouse cursor wandering off randomly and start clicking and blinking. It would take almost one minute before the "possession" would stop. Also, i think i still have prob. 5. I was thinking maybe there is a hardware problem w/ my modem but what do you think?

anyhoo...
i ran the new program but as it was loading up the "worm pattern" thingy...it failed
but it still continued on scanning.

here's the log:



/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-08-04, 06:58:59, Auto-clean mode specified.
2005-08-04, 06:58:59, Running scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\TSC.BIN"...
2005-08-04, 06:59:17, Scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\TSC.BIN" has finished running.
2005-08-04, 06:59:17, TSC Log:

2005-08-04, 06:59:19, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat": Access is denied.
2005-08-04, 06:59:19, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Access is denied.
2005-08-04, 06:59:41, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-04, 06:59:41, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-04, 07:05:14, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-08-04, 07:05:14, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-08-04, 07:05:14, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-04, 07:05:14, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-04, 07:05:15, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-08-04, 07:05:15, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-08-04, 07:05:15, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-08-04, 07:05:15, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-08-04, 07:17:37, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-08-04, 07:17:38, Could not set file for reading on "C:\WINDOWS\MEMORY.DMP": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-2ED3360E.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\ALOGSERV.EXE-00FDB330.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\CALC.EXE-02CD573A.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANUP.EXE-1B0F5664.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-013DBFB5.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\DEP.EXE-0665AE3D.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\ENCARTA.EXE-34B4AB23.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\EVILLYRICS.EXE-19359D02.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\FIREFOX.EXE-28641590.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\FLASHGOT.EXE-0911268A.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-3862B6F5.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-2878DDA2.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\HH.EXE-2D1A70B3.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\HIJACKTHIS.EXE-2AF68D7A.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\IPLAYER.EXE-175B4628.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\JUSCHED.EXE-03DB2BA9.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-2B6052DE.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\NBA2005.EXE-16929B61.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\OSA.EXE-2CD63980.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RASAUTOU.EXE-18B88A68.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-15E942E0.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-26DA8C9B.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-2A94BB85.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-44787B80.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4A5A9D78.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\SSSTARS.SCR-2D6FC20D.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.COM-0471CE2B.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSCLEAN.EXE-172E02F5.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\THGUARD.EXE-1F492078.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\TROJANHUNTER.EXE-2953146E.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\TSC.BIN-240E814B.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\VSMAIN.EXE-03F6B22C.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\VSSTAT.EXE-270F4533.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\WINAMP.EXE-0D0189CA.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\WINAMPA.EXE-0536E33F.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-29F5CB89.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\WINZIP32.EXE-335422C1.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\YMSGR_TRAY.EXE-256366BA.pf": Access is denied.
2005-08-04, 07:19:04, Could not set file for reading on "C:\WINDOWS\Prefetch\YPAGER.EXE-31587640.pf": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-08-04, 07:20:12, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-08-04, 07:20:13, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-08-04, 07:21:05, Running scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN"...
2005-08-04, 07:47:25, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/4/2005 07:21:07
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 757 (105699 Patterns) (2005/08/02) (275700)
Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean

C:\Documents and Settings\Administrator\My Documents\My Webs\stolenfromjen.htm [VBS_SORACI.A]
C:\Documents and Settings\Basuraman\Desktop\Leo\HTML\jenranches.tripod[2] [VBS_SORACI.A]
114944 files have been read.
114944 files have been checked.
56622 files have been scanned.
93010 files have been scanned. (including files in archived)
6 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/4/2005 07:47:25
---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-04, 07:47:25, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/4/2005 07:21:07
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 757 (105699 Patterns) (2005/08/02) (275700)
Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean

Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-1f53e5b7-26a1c3ab.zip,(Dummy.class)
Success Clean [ JAVA_BYTEVER.G]( 1) from C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-32b0cf43-3533ccb0.zip,(Beyond.class)
Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-78f63e81-4b002ae4.zip,(Installer.class)
Success Clean [ JAVA_BYTEVER.R]( 1) from C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-50e6db37.zip,(javainstaller\InstallerApplet.class)
Success Clean [ VBS_SORACI.A]( 1) from C:\Documents and Settings\Administrator\My Documents\My Webs\stolenfromjen.htm
Success Clean [ VBS_SORACI.A]( 1) from C:\Documents and Settings\Basuraman\Desktop\Leo\HTML\jenranches.tripod[2]
114944 files have been read.
114944 files have been checked.
56622 files have been scanned.
93010 files have been scanned. (including files in archived)
6 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/4/2005 07:47:25 26 minutes 17 seconds (1576.77 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-04, 07:47:25, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 8/4/2005 07:21:07
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 757 (105699 Patterns) (2005/08/02) (275700)
Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean

114944 files have been read.
114944 files have been checked.
56622 files have been scanned.
93010 files have been scanned. (including files in archived)
6 files containing viruses.
Found 13 viruses totally.
Maybe 0 viruses totally.
Stop At : 8/4/2005 07:47:25 26 minutes 17 seconds (1576.77 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-08-04, 07:47:25, Scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN" has finished running.


thanks :tazz:
  • 0

#6
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Basuraman

Trend Micro found several viruses and removed them, good thing we ran it.

Please navigate to this folder:

C:\WINDOWS\Prefetch

and delete the entire contents of that folder. To do this, click Edit on top and "select all". Once you do this on the left pane you will see an option "delete all selected items", click on that.

Next, let's update your Java and empty the cache.

1. Click Start > Control Panel.

2. Double-click the Java icon (coffee cup) in the control panel. It will say "Java Plug-in" under the icon - please find the update button or tab in that Java control panel. Update your Java, and reboot.

After reboot, go back into the Control Panel and double-click the Java icon.

3. Under Temporary Internet Files, click the Delete Files button.

There are three options on this window to clear the cache - leave ALL 3 checked.
1. Downloaded Applets
2. Downloaded Applications
3. Other Files

4. Click OK on Delete Temporary Files window.
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

5. Click OK to leave the Java Control Panel.

For your mouse, first let's try this:

Right click on My Computer and choose Properties

Under Hardware click on Device Manager. See if there are any exclamation marks (!) in a yellow circle there. You can right click on an entry and choose Properties for any device. Your mouse will also be listed there under "Mice and other pointing devices". Choose properties for your mouse. In the Properties window that opens click "troubleshoot" and follow the Windows instructions from there. As for your reboot problem I'll try to do some research and get back to you. Please report back about the mouse problem.

Regards,

Armodeluxe
  • 0
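The cross-check behind "found several viruses and removed them", as an added example that is not part of the original thread: it parses the two line formats visible in the Sysclean report, lists detections that have no matching Success Clean entry, and flags cleaned files under the Java plug-in cache path seen in the log. The sample log is constructed (shortened paths, `leftover.htm` is hypothetical) and `reconcile` is a name chosen here.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Sysclean report (paths shortened;
# leftover.htm is a hypothetical detection that was never cleaned).
SAMPLE_LOG = r"""
C:\Docs\My Webs\stolenfromjen.htm [VBS_SORACI.A]
C:\Docs\Leo\HTML\jenranches.tripod[2] [VBS_SORACI.A]
C:\Docs\Leo\HTML\leftover.htm [VBS_SORACI.A]
4 files containing viruses.
Success Clean [ JAVA_BYTEVER.A]( 1) from C:\Docs\Sun\Java\Deployment\cache\javapi\v1.0\jar\285.jar-1f53.zip,(Dummy.class)
Success Clean [ VBS_SORACI.A]( 1) from C:\Docs\My Webs\stolenfromjen.htm
Success Clean [ VBS_SORACI.A]( 1) from C:\Docs\Leo\HTML\jenranches.tripod[2]
4 files containing viruses.
"""

# "<path> [NAME]": the greedy path keeps brackets inside file names ("tripod[2]").
DETECT = re.compile(r"^(?P<path>[A-Za-z]:\\.*) \[(?P<name>[^\[\] ]+)\]$")
# "Success Clean [ NAME]( n) from <path>" with an optional ",(archive member)".
CLEAN = re.compile(r"^Success Clean \[\s*(?P<name>[^\]]+?)\s*\]\(\s*\d+\) from "
                   r"(?P<path>.+?)(?:,\((?P<member>[^)]*)\))?$")
COUNT = re.compile(r"^(\d+) files containing viruses\.$")
JAVA_CACHE = "\\sun\\java\\deployment\\cache\\"  # cache path seen in the log


def reconcile(log_text):
    """Compare detections with clean results; paths are lowercased for matching."""
    detected, cleaned, reported = set(), set(), None
    for line in map(str.strip, log_text.splitlines()):
        if m := CLEAN.match(line):
            cleaned.add((m["path"].lower(), m["name"]))
        elif m := DETECT.match(line):
            detected.add((m["path"].lower(), m["name"]))
        elif m := COUNT.match(line):
            reported = int(m[1])
    infected_files = {path for path, _ in detected | cleaned}
    return {
        "unresolved": sorted(detected - cleaned),  # detected, no Success Clean
        "families": Counter(name.split(".")[0] for _, name in cleaned),
        "java_cache": sorted(p for p, _ in cleaned if JAVA_CACHE in p),
        "count_matches": reported == len(infected_files),
    }


if __name__ == "__main__":
    for key, value in reconcile(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

An empty `unresolved` list together with `count_matches` being true is what supports reading the report as fully cleaned.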

#7
Basuraman


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
arghh...i give up.
my java won't update...
it just won't finish downloading.
the java icon on the system tray would just disappear after a couple minutes w/ out any notification.
if it did finish downloading then it should notify me about the next step w/c is installation because I already set it in the options.
there was this one time though...
Download express popped out and did the download...
But when i tried to install it there were some missing files...
so i ended up deleting the package and started all over again but this time download express didn't pop out.

anyhoo...
about the mouse...
i ran all the tests and it came out fine.
so i guess it's okay now because i haven't experienced the same problem ever since i ran the last virus scan :tazz:
  • 0

#8
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Basuraman

Good to hear the mouse problem is resolved. Let's do a system check on your computer.

We are going to run System File Checker, to make sure all of your protected files are not corrupt. The scan will automatically replace any corrupt files that it finds.

Click Start
Select Run
At the prompt, type: sfc /scannow
Please note that there is a single space between sfc and /scannow.

Typing this will start the program, and a box should appear telling you how much longer the process should take.

Sometimes the scan will prompt you for your Windows XP disc upon starting the scan. If this happens, please make sure that you can view protected files:
My Computer
Tools
Folder Options
View
"Uncheck" Hide protected operating system files.
Then rerun the scan. If this still asks you to put in your Windows XP CD, and you do not have the CD (if you bought it preinstalled), post back for more tips; otherwise enter the Windows CD.

Once the scan is complete:

Check your Windows Updates! After using the File Protection Service, you might need to reapply some updates.

Please reboot, and let me know if anything has changed.

Also, please rehide the protected files:
My Computer
Tools
Folder Options
View
"Check" Hide protected operating system files.

  • 0

#9
Basuraman


    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
er... no can do boss ;)
it keeps asking me to put in the CD :tazz:

so what about the java update?
what do you think happened?
  • 0

#10
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Hi Basuraman

I don't know what went wrong but I found an alternative solution for you. You might have better luck if you download the JRE installation file and then click it to install.

Go here

http://java.sun.com/....0/download.jsp

Select the JRE 5.0 Update 4 download, then click through the license and select Windows Offline Installation. Save it, close other programs (especially any antivirus), then click it to install. Just below the download there is also a link to installation instructions.

Hope this helps..

Regards,

Armodeluxe
  • 0

#11
Armodeluxe


    Member 2k

  • Retired Staff
  • 2,744 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





