|
| ||
| trojan.cachecachekit NAV popup won't go away Good day everyone. A couple of days ago my norton av caught trojan.cachecachekit. now the popup nav window keeps coming up, and it can't get it to go away. I tried the following without success: in safe mode, i ran: ewido killbox ad-ware cleanup still didn't stop in Now I just ran Hijack this, and her is the log (i haven't fixed anything yet): Logfile of HijackThis v1.99.1 Scan saved at 11:31:16 AM, on 7/15/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Promise\Utility\MsgAgt.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\Explorer.EXE C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Outlook Express\msimn.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Shortcut to Microsoft Outlook.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O15 - Trusted Zone: http://www.norton.com O15 - Trusted Zone: securityresponse.symantec.com O15 - Trusted Zone: www.update.symantec.com O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDACE83-556A-4DF0-96CD-8DC40D475DED}: NameServer = 201.225.225.225,201.225.225.226,201.224.73.162 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing) O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Local Security Authority System Service (Local Security Authority System) - Unknown owner - C:\WINNT\lsass.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| ||
| Re: trojan.cachecachekit NAV popup won't go away Open NotePad, and copy the contents of the below "Code" box:- cd %windir%Go to File Menu > Save As, and save the file with the name Test.bat and exit from NotePad. Download Sysclean Pacakge, create a folder named Sysclean on Desktop, and put the downloaded file to that folder. Next download the pattern file for Windows OS (pattern file will have a name like lpt731.zip ) and extract the contents of the ZIP file to the same Sysclean folder. Download CleanUp! and install it, do not run it now. Next, download AboutBuster. Reboot in Safe Mode. Run HijackThis and click Do only a System scan. Then put a check mark infront of below listed entries:- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1 O15 - Trusted Zone: http://www.norton.com O15 - Trusted Zone: securityresponse.symantec.com O15 - Trusted Zone: www.update.symantec.com O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing) O23 - Service: Local Security Authority System Service (Local Security Authority System) - Unknown owner - C:\WINNT\lsass.exe Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis. Go to Start > Run and type services.msc and press ENTER. In the Services window that opens up, navigate to the service named WIN32 (image) and right-click it, and select "Properties". In the Property window, click Stop in the "Service Status" option box. After this, in the "Startup" option box, select Disabled from the dropdown menu. Click "Apply" and then "OK". Repeat the above operations for this service too:- Local Security Authority System Service (Local Security Authority System) Exit from Services window. Double-Click on the file Test.bat, a small DOS type window should open and close immediately. Next, run AboutBuster and click "Begin Removal". After this, run CleanUp!, click "Options" button, move the "Quick Setup" slider to "Thorough CleanUp!" and click "Yes" for the warning message and exit from Options. Click "CleanUp!" to start cleaning. After cleaning, click "Close", and choose "No" to avoid the restart of the PC. Next, double-click on the sysclean.com file, and after few seconds, the Sysclean window appears. Here make sure that Automatically clean or delete infected files option is selected. Then click "Scan". After the scan is complete it gives a log, save the log file. Run HijackThis again. Then click Do a System scan and save log, and post the fresh log along with the Sysclean log. |
| ||
| Re: trojan.cachecachekit NAV popup won't go away good day, SwatKat. I went through your procedures, and got to the point where I'm supposed to run "About Buster" - but it would not open, saying the file was corrupted. I tried downloading again, but same result, So moving on anyway, I went to run Sysclean, but after configuring, when I started the scan, a popup said "Pattern file 'LPT$VPN' is missing. Please download a new copy" How can I get that LPT$VPN file? The Sysclean won't proceed without it. Thanks. |
| ||
| Re: trojan.cachecachekit NAV popup won't go away I got sysclean to work. ( i had extractedthe zip file to the sysclean folder I created, but left the program unloaded on the desktop outside the folder - once I put it in the folder with that lpt$vn file it worked) will continue on then and post the Hijack this log once I'm done. thanks. |
| ||
| Re: trojan.cachecachekit NAV popup won't go away /--------------------------------------------------------------\ | Trend Micro Sysclean Package | | Copyright 2002, Trend Micro, Inc. | | http://www.trendmicro.com | \--------------------------------------------------------------/ 2005-07-18, 09:21:34, Auto-clean mode specified. 2005-07-18, 09:21:34, Running scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\TSC.BIN"... 2005-07-18, 09:21:55, Scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\TSC.BIN" has finished running. 2005-07-18, 09:21:55, TSC Log: Damage Cleanup Engine (DCE) 3.9(Build 1020) Windows 2000(Build 2195: Service Pack 4) Start time : Mon Jul 18 2005 09:21:35 Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Administrator\Desktop\Sysclean\tsc.ptn" (version 627) [success] Complete time : Mon Jul 18 2005 09:21:55 Execute pattern count(4102), Virus found count(0), Virus clean count(0), Clean failed count(0) 2005-07-18, 09:22:03, An error occurred while scanning file "C:\Documents and Settings\Administrator\NTUSER.DAT": Access is denied. 2005-07-18, 09:22:03, An error occurred while scanning file "C:\Documents and Settings\Administrator\ntuser.dat.LOG": Access is denied. 2005-07-18, 09:36:43, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied. 2005-07-18, 09:36:43, An error occurred while scanning file "C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\NetHood\EVADISK on Evans pc\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (10)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (11)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (2)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (3)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (4)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (5)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (6)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (7)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (8)\*.*": The system cannot find the path specified. 2005-07-18, 09:43:08, An error was detected on "C:\Documents and Settings\Administrator\Recent\EVADISK on Evans pc (9)\*.*": The system cannot find the path specified. 2005-07-18, 10:00:35, Could not set file for reading on "C:\RECYCLER\NPROTECT\NPROTECT.LOG": Access is denied. 2005-07-18, 10:00:36, An error was detected on "C:\System Volume Information\*.*": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\default": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\software": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\system": Access is denied. 2005-07-18, 10:05:49, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Access is denied. 2005-07-18, 10:07:41, Running scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN"... 2005-07-18, 10:35:01, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:07:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 36517 files have been read. 36517 files have been checked. 29057 files have been scanned. 56228 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:01 ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:01, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:07:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 36517 files have been read. 36517 files have been checked. 29057 files have been scanned. 56228 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:01 27 minutes 14 seconds (1633.94 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:01, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:07:42 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 36517 files have been read. 36517 files have been checked. 29057 files have been scanned. 56228 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:01 27 minutes 14 seconds (1633.94 seconds) has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:01, Scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN" has finished running. 2005-07-18, 10:35:01, Could not set file for reading on "E:\RECYCLER\NPROTECT\NPROTECT.LOG": Access is denied. 2005-07-18, 10:35:01, An error was detected on "E:\System Volume Information\*.*": Access is denied. 2005-07-18, 10:35:01, Running scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN"... 2005-07-18, 10:35:07, Files Detected: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:35:02 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 4 files have been read. 4 files have been checked. 2 files have been scanned. 2 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:07 ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:07, Files Clean: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:35:02 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 4 files have been read. 4 files have been checked. 2 files have been scanned. 2 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:07 0.09 seconds has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:07, Clean Fail: Copyright (c) 1990 - 2004 Trend Micro Inc. Report Date : 7/18/2005 10:35:02 VSAPI Engine Version : 7.510-1002 VSCANTM Version : 1.1-1001 Virus Pattern Version : 731 (104621 Patterns) (2005/07/14) (273100) Command Line: C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Administrator\Desktop\Sysclean 4 files have been read. 4 files have been checked. 2 files have been scanned. 2 files have been scanned. (including files in archived) 0 files containing viruses. Found 0 viruses totally. Maybe 0 viruses totally. Stop At : 7/18/2005 10:35:07 0.09 seconds has elapsed. ---------*---------*---------*---------*---------*---------*---------*---------* 2005-07-18, 10:35:07, Scanner "C:\Documents and Settings\Administrator\Desktop\Sysclean\VSCANTM.BIN" has finished running. Logfile of HijackThis v1.99.1 Scan saved at 10:36:28 AM, on 7/18/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\Explorer.EXE C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Shortcut to Microsoft Outlook.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDACE83-556A-4DF0-96CD-8DC40D475DED}: NameServer = 201.225.225.225,201.225.225.226,201.224.73.162 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| ||
| Re: trojan.cachecachekit NAV popup won't go away swatkat, I just posted results sysclean and hijackthis above. i've rebooted in normal mode and thus far have not seen the Norton AV popup which has been driving me insane. Thanks for your kind help -- I'm standing by anyway incase you see something in the logs. Rgds, Jason |
| ||
| Re: trojan.cachecachekit NAV popup won't go away Hi, Log looks better. There are some things to be removed now. Download AboutBuster. Run HijackThis, select these entries:- R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cust...search/ie.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/cust.../www.yahoo.com Close all other running programs, click "Fix Checked" in HijackThis. Exit from HijackThis, and run AboutBuster, click "Begin Removal". After this, reboot the PC, and post a fresh HijackThis log. |
| ||
| Re: trojan.cachecachekit NAV popup won't go away AboutBuster 5.0 reference file 31 Scan started on [7/18/2005] at [3:45:48 PM] ------------------------------------------------ No Ads Found! ------------------------------------------------ No Files Found! ------------------------------------------------ Scan was COMPLETED SUCCESSFULLY at 3:45:51 PM Logfile of HijackThis v1.99.1 Scan saved at 3:46:23 PM, on 7/18/2005 Platform: Windows 2000 SP4 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\WINNT\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINNT\system32\spoolsv.exe C:\WINNT\System32\svchost.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\ewido\security suite\ewidoguard.exe C:\Program Files\Ahead\InCD\InCDsrv.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\WINNT\System32\nvsvc32.exe C:\Program Files\Promise\Utility\MsgAgt.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINNT\System32\WBEM\WinMgmt.exe C:\WINNT\system32\mspmspsv.exe C:\WINNT\Explorer.EXE C:\WINNT\system32\svchost.exe C:\WINNT\System32\svchost.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe C:\Program Files\Ahead\InCD\InCD.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\PROGRA~1\WINZIP\winzip32.exe C:\Documents and Settings\Administrator\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?.home=ytie R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=ytie O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb03.exe O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\\NeroCheck.exe O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - Startup: Shortcut to Microsoft Outlook.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{FBDACE83-556A-4DF0-96CD-8DC40D475DED}: NameServer = 201.225.225.225,201.225.225.226,201.224.73.162 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe O23 - Service: Promise RAID message agent (RAIDmAgt) - Promise Technology, Inc. - C:\Program Files\Promise\Utility\MsgAgt.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe |
| ||
| Re: trojan.cachecachekit NAV popup won't go away Swatkat, just posted above About logfile and Hijackthis log. Waiting to hear from you on anything. Thanks! |
| ||
| Re: trojan.cachecachekit NAV popup won't go away Hi Jasonatpanama, Log looks clean :D |
| All times are GMT -4. The time now is 2:45 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC