 |  |  |  |  |  |  |  |
Norton WMI Update doesn't work
 |
•
•
Join Date: Apr 2004
Posts: 89
Reputation: 
Solved Threads: 0
Junior Poster in Training
I had a little viruses attack on my computer. Did my best to get rid of them, but still some things, like Norton WMI Update, don't work. Would you be so kind to have a look in my Hjt log? (windows2000)
Logfile of HijackThis v1.98.2
Scan saved at 12:23:12, on 30/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\הפוך על הפוך\hebrew.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\dls\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 62.219.186.7 192.115.106.35
Logfile of HijackThis v1.98.2
Scan saved at 12:23:12, on 30/09/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\ZONELABS\vsmon.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\הפוך על הפוך\hebrew.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\dls\HijackThis.exe
C:\WINNT\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 62.219.186.7 192.115.106.35
Have you tried running Norton's Live Update to see if that would fix your WMI problem?
I don't see anything obvious (to me) in your log, maybe one of the pro's can spot something.
I don't see anything obvious (to me) in your log, maybe one of the pro's can spot something.
•
•
Join Date: Dec 2003
Posts: 2,414
Reputation:
Solved Threads: 123
Have you tried disabling ZoneAlarm temporarily, and then tried the update? Just a thought, as I've seen ZoneAlarm do some really odd things before.
Alex Cavnar, aka alc6379
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
I've tried to uninstall norton antivirus, and than I uninstalled ZoneAlarm, and than I reinstalled Norton Antivirus, but still I have the WMI problem, and still the computer works too slow.
Here is a new log, this time without ZoneAlarm:
Logfile of HijackThis v1.98.2
Scan saved at 07:32:28, on 08/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\dls\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 62.219.186.7 192.115.106.35
Here is a new log, this time without ZoneAlarm:
Logfile of HijackThis v1.98.2
Scan saved at 07:32:28, on 08/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\system32\regsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\ctfmon.exe
C:\dls\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 62.219.186.7 192.115.106.35
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
If the HJT looks ok, how comes that Norton Antivirus Scan finds:
Category: Threat alerts
Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
08/10/2004 14:34:52,Virus scanner,Hacktool.Keygen.151552,Delete failed,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: Hack toolSource: E:\RECYCLED\De1.exe,Description: The file E:\RECYCLED\De1.exe is a Hack tool threat."
08/10/2004 14:34:52,Virus scanner,Hacktool.Keygen.151552,Delete failed,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: Hack toolSource: Symantec.Norton.Antivirus.2004.Professional.v10.0.0.109.WinAll.Incl.Keygenerator-TMG\keygen.exe,Description: The compressed file keygen.exe within C:\Program Files\eMule\incoming\ntnaivs.2004.Pro.Final.With.Crack.[oshrinu].[LioNetwork.net].rar is a Hack tool threat."
08/10/2004 13:26:43,Virus scanner,W32.Netsky.D@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: document_full.pif,Description: The email attachment document_full.pif is infected with the W32.Netsky.D@mm virus."
08/10/2004 12:14:28,Virus scanner,W32.Netsky.P@mm!enc,Quarantined,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: C:\DOCUME~1\SMADDA~1.PC-\LOCALS~1\Temp\CC249.tmp,Description: The file C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\CC249.tmp is infected with the W32.Netsky.P@mm!enc virus."
08/10/2004 12:14:28,Virus scanner,W32.Netsky.P@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: message.scr,Description: The email attachment message.scr is infected with the W32.Netsky.P@mm virus."
08/10/2004 12:04:32,Virus scanner,W32.Netsky.P@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: data.pif,Description: The email attachment data.pif is infected with the W32.Netsky.P@mm virus."
08/10/2004 12:04:32,Virus scanner,W32.Netsky.P@mm!enc,Quarantined,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: C:\DOCUME~1\SMADDA~1.PC-\LOCALS~1\Temp\CC247.tmp,Description: The file C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\CC247.tmp is infected with the W32.Netsky.P@mm!enc virus."
08/10/2004 10:51:13,Auto-Protect,Backdoor.Sdbot.AC,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\svchos.exe
08/10/2004 10:49:45,Auto-Protect,Backdoor.Sdbot.AC,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\svchos.exe
08/10/2004 10:20:47,Virus scanner,W32.Netsky.D@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: your_file.pif,Description: The email attachment your_file.pif is infected with the W32.Netsky.D@mm virus."
08/10/2004 10:11:49,Auto-Protect,W32.Randex,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\msnmsgr.exe
08/10/2004 09:12:58,Auto-Protect,W32.Randex.BLD,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\rcf.exe
08/10/2004 07:48:13,Auto-Protect,W32.Spybot.Worm,Automatically deleted,File,N/A,N/A,200410060020,10.0.0.109,Administrator,PC-HOME,Source: C:\WINNT\system32\svchosts.exe
and Panda ActiveScan finds:
Incident Status Location
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\payload.dat
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\MSsrvs32.exe
Everytime I scan my computer I find some threads. Do you think you can help me get my computer back?
And by the way, does it makes sense that the size of the folder "WINNT" is 1.25 GB?
Category: Threat alerts
Date,Feature,Threat Name,Action Taken,Item Type,Target,Suspicious Action,Virus Definition Version,Product Version,User Name,Computer Name,Details
08/10/2004 14:34:52,Virus scanner,Hacktool.Keygen.151552,Delete failed,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: Hack toolSource: E:\RECYCLED\De1.exe,Description: The file E:\RECYCLED\De1.exe is a Hack tool threat."
08/10/2004 14:34:52,Virus scanner,Hacktool.Keygen.151552,Delete failed,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: Hack toolSource: Symantec.Norton.Antivirus.2004.Professional.v10.0.0.109.WinAll.Incl.Keygenerator-TMG\keygen.exe,Description: The compressed file keygen.exe within C:\Program Files\eMule\incoming\ntnaivs.2004.Pro.Final.With.Crack.[oshrinu].[LioNetwork.net].rar is a Hack tool threat."
08/10/2004 13:26:43,Virus scanner,W32.Netsky.D@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: document_full.pif,Description: The email attachment document_full.pif is infected with the W32.Netsky.D@mm virus."
08/10/2004 12:14:28,Virus scanner,W32.Netsky.P@mm!enc,Quarantined,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: C:\DOCUME~1\SMADDA~1.PC-\LOCALS~1\Temp\CC249.tmp,Description: The file C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\CC249.tmp is infected with the W32.Netsky.P@mm!enc virus."
08/10/2004 12:14:28,Virus scanner,W32.Netsky.P@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: message.scr,Description: The email attachment message.scr is infected with the W32.Netsky.P@mm virus."
08/10/2004 12:04:32,Virus scanner,W32.Netsky.P@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: data.pif,Description: The email attachment data.pif is infected with the W32.Netsky.P@mm virus."
08/10/2004 12:04:32,Virus scanner,W32.Netsky.P@mm!enc,Quarantined,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: C:\DOCUME~1\SMADDA~1.PC-\LOCALS~1\Temp\CC247.tmp,Description: The file C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\CC247.tmp is infected with the W32.Netsky.P@mm!enc virus."
08/10/2004 10:51:13,Auto-Protect,Backdoor.Sdbot.AC,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\svchos.exe
08/10/2004 10:49:45,Auto-Protect,Backdoor.Sdbot.AC,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\svchos.exe
08/10/2004 10:20:47,Virus scanner,W32.Netsky.D@mm,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,smaddar,PC-HOME,",Threat category: VirusSource: your_file.pif,Description: The email attachment your_file.pif is infected with the W32.Netsky.D@mm virus."
08/10/2004 10:11:49,Auto-Protect,W32.Randex,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\msnmsgr.exe
08/10/2004 09:12:58,Auto-Protect,W32.Randex.BLD,Automatically deleted,File,N/A,N/A,200410060020,10.0.1.13,Administrator,PC-HOME,Source: C:\WINNT\system32\rcf.exe
08/10/2004 07:48:13,Auto-Protect,W32.Spybot.Worm,Automatically deleted,File,N/A,N/A,200410060020,10.0.0.109,Administrator,PC-HOME,Source: C:\WINNT\system32\svchosts.exe
and Panda ActiveScan finds:
Incident Status Location
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\payload.dat
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\MSsrvs32.exe
Everytime I scan my computer I find some threads. Do you think you can help me get my computer back?
And by the way, does it makes sense that the size of the folder "WINNT" is 1.25 GB?
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
I scaned again with Panda ActiveScan. This time 5 threats were found:
Incident Status Location
Virus:W32/Sdbot.gen.worm No disinfected Operating system
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\payload.dat
Virus:W32/Sdbot.gen.worm No disinfected C:\WINNT\system32\MSsrvs32.exe
Virus:W32/Sdbot.gen.worm Disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\C9QZCL2R\new2[1].exe
Virus:W32/Sdbot.gen.worm Disinfected C:\Documents and Settings\smaddar.PC-HOME\payload.dat
Virus:W32/Sdbot.gen.worm Disinfected C:\nuevo23.exe
Incident Status Location
Virus:W32/Sdbot.gen.worm No disinfected Operating system
Virus:W32/Sdbot.gen.worm Disinfected C:\WINNT\system32\payload.dat
Virus:W32/Sdbot.gen.worm No disinfected C:\WINNT\system32\MSsrvs32.exe
Virus:W32/Sdbot.gen.worm Disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\C9QZCL2R\new2[1].exe
Virus:W32/Sdbot.gen.worm Disinfected C:\Documents and Settings\smaddar.PC-HOME\payload.dat
Virus:W32/Sdbot.gen.worm Disinfected C:\nuevo23.exe
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
If you find the time, when you find the time, here is a new HJT as well:
Logfile of HijackThis v1.98.2
Scan saved at 16:09:11, on 09/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\filtax.exe
C:\WINNT\SYSTEM32\hgdhp.exe
C:\WINNT\system32\mxxcva.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\filtax.exe
C:\WINNT\system32\mxxcva.exe
C:\dls\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Video Capture Controls] MVCC.exe
O4 - HKLM\..\Run: [Synchronization Data Schedul] filtax.exe
O4 - HKLM\..\Run: [VQVQEVXfxcX] C:\WINNT\SYSTEM32\hgdhp.exe
O4 - HKLM\..\Run: [sdfwfq] mxxcva.exe
O4 - HKLM\..\Run: [cftmon] cftmon.exe
O4 - HKLM\..\RunServices: [Microsoft Video Capture Controls] MVCC.exe
O4 - HKLM\..\RunServices: [Synchronization Data Schedul] filtax.exe
O4 - HKLM\..\RunServices: [sdfwfq] mxxcva.exe
O4 - HKLM\..\RunServices: [cftmon] cftmon.exe
O4 - HKLM\..\RunOnce: [LUSETUP-LT] C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Synchronization Data Schedul] filtax.exe
O4 - HKCU\..\Run: [sdfwfq] mxxcva.exe
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 192.115.106.31 192.115.106.35
Logfile of HijackThis v1.98.2
Scan saved at 16:09:11, on 09/10/2004
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\system32\filtax.exe
C:\WINNT\SYSTEM32\hgdhp.exe
C:\WINNT\system32\mxxcva.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\filtax.exe
C:\WINNT\system32\mxxcva.exe
C:\dls\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ynet.co.il/home/0,7340,L-8,00.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.ynet.co.il/home/0,7340,L-8,FF.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Hebrew] C:\Program Files\הפוך על הפוך\hebrew
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Microsoft Video Capture Controls] MVCC.exe
O4 - HKLM\..\Run: [Synchronization Data Schedul] filtax.exe
O4 - HKLM\..\Run: [VQVQEVXfxcX] C:\WINNT\SYSTEM32\hgdhp.exe
O4 - HKLM\..\Run: [sdfwfq] mxxcva.exe
O4 - HKLM\..\Run: [cftmon] cftmon.exe
O4 - HKLM\..\RunServices: [Microsoft Video Capture Controls] MVCC.exe
O4 - HKLM\..\RunServices: [Synchronization Data Schedul] filtax.exe
O4 - HKLM\..\RunServices: [sdfwfq] mxxcva.exe
O4 - HKLM\..\RunServices: [cftmon] cftmon.exe
O4 - HKLM\..\RunOnce: [LUSETUP-LT] C:\PROGRA~1\Symantec\LIVEUP~1\LUSETU~1.EXE -s -a -q -log
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Temp\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [Synchronization Data Schedul] filtax.exe
O4 - HKCU\..\Run: [sdfwfq] mxxcva.exe
O8 - Extra context menu item: &יצ×? ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...a/SymAData.dll
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/game...ploader_v5.cab
O16 - DPF: {E62A47D8-74B1-4A93-963A-E5E43B7CC5C2} (UCSearch.ucUCSearch) - http://www.zuvio.com/opnste/UCSearch.CAB
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.symantec.com/tech...ActiveData.cab
O16 - DPF: {EC9C20C4-FF24-11D3-81B7-00902776CF54} (InstallerActiveX Class) - http://www.netex.co.il/site/Installer.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{8D788EA0-403D-4FEE-A520-95B2284A14B0}: NameServer = 192.115.106.31 192.115.106.35
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
I beleave in you, and I know that sooner or later you will help me 
meanwhile, I have a new message when I restart the computer:
WINUSER32.EXE
access to the specified device, path, or file, is denied.
alot of other strange things happen to this machine. As if it is out of its mind
Waiting for your advice.
meanwhile, I have a new message when I restart the computer:
WINUSER32.EXE
access to the specified device, path, or file, is denied.
alot of other strange things happen to this machine. As if it is out of its mind
Waiting for your advice.
•
•
Join Date: Feb 2004
Posts: 10,034
Reputation: 
Solved Threads: 761
Download sysclean (free) from Trend Micro, allow it to clean up any bad files it finds. It may take a while, so have a cuppa whilst it's running .
http://www.trendmicro.com/download/dcs.asp
Be sure to download and install the latest pattern file. There's a link to it at the lower left-hand colum of the page. It will not run without the pattern file.
From Trend:
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
.http://www.trendmicro.com/download/dcs.asp
Be sure to download and install the latest pattern file. There's a link to it at the lower left-hand colum of the page. It will not run without the pattern file.
From Trend:
Note that for the Trend Micro Sysclean Package to be effective, you must download and place the latest pattern file in the same folder as the Trend Micro Sysclean Package.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
•
•
Join Date: Apr 2004
Posts: 89
Reputation:
Solved Threads: 0
Junior Poster in Training
Thank you, Crunchie.
I followed you advice, but it seems (to me) that nothing was found:
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2004-10-10, 08:03:00, Auto-clean mode specified.
2004-10-10, 08:03:00, Running scanner "C:\dls\sysclean\TSC.BIN"...
2004-10-10, 08:03:42, Scanner "C:\dls\sysclean\TSC.BIN" has finished running.
2004-10-10, 08:03:42, TSC Log:
Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows 2000(Build 2195: Service Pack 4)
Start time : ×? ×?וקטובר 10 2004 08:03:01
Load Damage Cleanup Template (DCT) "C:\dls\sysclean\tsc.ptn" (version 430) [success]
Complete time : ×? ×?וקטובר 10 2004 08:03:42
Execute pattern count(1275), Virus found count(0), Virus clean count(0), Clean failed count(0)
2004-10-10, 08:13:36, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Access is denied.
2004-10-10, 08:13:36, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SOFTWARE": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\DEFAULT": Access is denied.
2004-10-10, 08:37:01, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\NTUSER.DAT": Access is denied.
2004-10-10, 08:37:01, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\NTUSER.DAT.LOG": Access is denied.
2004-10-10, 08:37:43, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2004-10-10, 08:37:43, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2004-10-10, 08:43:50, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll": Access is denied.
2004-10-10, 09:06:04, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:37:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:07
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51 1 hour 31 minutes 42 seconds (5502.12 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51 1 hour 31 minutes 42 seconds (5502.12 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:41:31, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:41:53, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53 18 seconds (17.43 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53 18 seconds (17.43 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:46:03, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:47:24, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24 1 minute 17 seconds (77.53 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24 1 minute 17 seconds (77.53 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:58:19, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 11:06:28, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28 8 minutes 6 seconds (485.46 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28 8 minutes 6 seconds (485.46 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
What should I do now?
I followed you advice, but it seems (to me) that nothing was found:
/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/
2004-10-10, 08:03:00, Auto-clean mode specified.
2004-10-10, 08:03:00, Running scanner "C:\dls\sysclean\TSC.BIN"...
2004-10-10, 08:03:42, Scanner "C:\dls\sysclean\TSC.BIN" has finished running.
2004-10-10, 08:03:42, TSC Log:
Damage Cleanup Engine (DCE) 3.6(Build 1120)
Windows 2000(Build 2195: Service Pack 4)
Start time : ×? ×?וקטובר 10 2004 08:03:01
Load Damage Cleanup Template (DCT) "C:\dls\sysclean\tsc.ptn" (version 430) [success]
Complete time : ×? ×?וקטובר 10 2004 08:03:42
Execute pattern count(1275), Virus found count(0), Virus clean count(0), Clean failed count(0)
2004-10-10, 08:13:36, An error occurred while scanning file "C:\WINNT\system32\config\software.LOG": Access is denied.
2004-10-10, 08:13:36, An error occurred while scanning file "C:\WINNT\system32\config\default.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SECURITY.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM.ALT": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SAM": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SAM.LOG": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SYSTEM": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\SOFTWARE": Access is denied.
2004-10-10, 08:13:37, An error occurred while scanning file "C:\WINNT\system32\config\DEFAULT": Access is denied.
2004-10-10, 08:37:01, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\NTUSER.DAT": Access is denied.
2004-10-10, 08:37:01, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\NTUSER.DAT.LOG": Access is denied.
2004-10-10, 08:37:43, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2004-10-10, 08:37:43, An error occurred while scanning file "C:\Documents and Settings\smaddar.PC-HOME\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2004-10-10, 08:43:50, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsys.dll": Access is denied.
2004-10-10, 09:06:04, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:37:51, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:07
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51 1 hour 31 minutes 42 seconds (5502.12 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 09:06:08
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\dls\sysclean
62852 files have been read.
62852 files have been checked.
28763 files have been scanned.
41092 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:37:51 1 hour 31 minutes 42 seconds (5502.12 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:37:51, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:41:31, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:41:53, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53 18 seconds (17.43 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:41:33
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\dls\sysclean
380 files have been read.
380 files have been checked.
166 files have been scanned.
166 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:41:53 18 seconds (17.43 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:41:53, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:46:03, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 10:47:24, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24 1 minute 17 seconds (77.53 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:46:05
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\dls\sysclean
1270 files have been read.
1270 files have been checked.
505 files have been scanned.
509 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 10:47:24 1 minute 17 seconds (77.53 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 10:47:24, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
2004-10-10, 10:58:19, Running scanner "C:\dls\sysclean\VSCANTM.BIN"...
2004-10-10, 11:06:28, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28 8 minutes 6 seconds (485.46 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/10/2004 10:58:20
VSAPI Engine Version : 7.000-1004
VSCANTM Version : 1.1-1001
Virus Pattern Version : 192 (72764 Patterns) (2004/10/08) (219200)
Command Line: C:\dls\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\dls\sysclean
6396 files have been read.
6396 files have been checked.
3894 files have been scanned.
4126 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/10/2004 11:06:28 8 minutes 6 seconds (485.46 seconds) has elapsed.
---------*---------*---------*---------*---------*---------*---------*---------*
2004-10-10, 11:06:28, Scanner "C:\dls\sysclean\VSCANTM.BIN" has finished running.
What should I do now?
|
Similar Threads
- Norton WMI Update does not work (Windows NT / 2000 / XP)
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: Not sure ??
- Next Thread: Encryption Alogorithim
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
adware anti-malware anti-virussitesaccessissue antivirus apple attack audio backtoschoolspeech bar blackhat botnet botnets china commercial commercials conficker connect control crosssitescripting cyber cybercrime cyberwarfare ddos domains e-mafia email europe exam facebook fake fancheckvirus gaming gtaiv gumblar halloween hijack internet iphone kaspersky legal logfiles mail malware mcafee mega-d messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem redirect redirecting reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista war warning windows worm zeroday
