purityscan\clickspring location C:\crash.txt

Question

Joanna 0 Newbie Poster

18 Years Ago

I have the above adware on my pc, picked up by free XoftSpy software. :evil:

Could anyone please advise how to remove it?

Thank you
Joanna

windows-virus

2 Contributors
5 Replies
216 Views
6 Days Discussion Span
Latest Post 18 Years Ago Latest Post by swatkat

All 5 Replies

swatkat 14 Practically a Master Poster

18 Years Ago

Hi,
Download Sysclean Pacakge, create a folder named Sysclean on Desktop, and put the downloaded file to that folder. Next download the pattern file for Windows OS (pattern file will have a name like lpt731.zip ) and extract the contents of the ZIP file to the same Sysclean folder.

Next download Ewido and install it. Then run, you will receive a warning message saying "Database not found", click "OK" for this. Next in the main screen, click "Update" and click "Start Update". After the update process, exit from Ewido.

Boot in SAFE Mode.

Next, double-click on the sysclean.com file, and after few seconds, the Sysclean window appears. Here make sure that Automatically clean or delete infected files option is selected. Then click "Scan". After the scan is complete it gives a log, save the log file.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Start" button.
If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
When the scan finishes, click on "Save Report". This will create a text file.

Reboot to normal mode. Post the Sysclean log and Ewido log. Also scan with XoftSpy and check whether it detect the threat or not.

swatkat 14 Practically a Master Poster

18 Years Ago

Hi,

Download PurityScan Uninstaller and run it to remove PurityScan, if it is present.
Also, delete crash.txt file that may be present in C:\ drive. Also, can you post the log of Xoftspy? (I have not used Xoftspy, so i dont know how take a scan log :D, if you cant get the log, then post the result of the scan)

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

Joanna 0 Newbie Poster · Answer 1 · 2005-07-31T19:48:02+00:00

Hi swatkat

I have followed the advice you gave. Here are the logs;

Xsoftspy is still picking up Purityscan in the smae location.

Sysclean:

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/

2005-07-31, 11:05:50, Auto-clean mode specified.
2005-07-31, 11:05:50, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN"...
2005-07-31, 11:07:34, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\TSC.BIN" has finished running.
2005-07-31, 11:07:34, TSC Log:

Damage Cleanup Engine (DCE) 3.9(Build 1020)
Windows XP(Build 2600: Service Pack 2)

Start time : Sun Jul 31 2005 11:05:51

Load Damage Cleanup Template (DCT) "C:\Documents and Settings\Owner\Desktop\Sysclean\tsc.ptn" (version 631) [success]

Complete time : Sun Jul 31 2005 11:07:34
Execute pattern count(4165), Virus found count(0), Virus clean count(0), Clean failed count(0)

2005-07-31, 11:07:37, An error was detected on "C:\9d8b1fce8cafeb0fbbeac65329af\sp2\*.*": Access is denied.
2005-07-31, 11:07:41, Could not set file for reading on "C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT.LOG": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\Owner\ntuser.dat": Access is denied.
2005-07-31, 11:19:10, An error occurred while scanning file "C:\Documents and Settings\Owner\NTUSER.DAT.LOG": Access is denied.
2005-07-31, 11:20:06, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-07-31, 11:20:06, An error occurred while scanning file "C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-07-31, 12:01:33, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2005-07-31, 12:05:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\user32.dll": Access is denied.
2005-07-31, 12:05:18, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB824141$\win32k.sys": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\colbact.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\comuid.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\es.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll": Access is denied.
2005-07-31, 12:05:19, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB828741$\txflog.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\callcont.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323.tsp": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\msgina.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\mst120.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB835732$\schannel.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\dao360.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjetol1.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\shell32.dll": Access is denied.
2005-07-31, 12:05:22, Could not set file for reading on "C:\WINDOWS\$NtUninstallKB839645$\sxs.dll": Access is denied.
2005-07-31, 12:06:24, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx": Access is denied.
2005-07-31, 12:06:24, Could not set file for reading on "C:\WINDOWS\$NtUninstallQ828026$\wmp.dll": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\873374_ENG.EXE-031D958F.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-2429371C.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-1853B83A.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALCXMNTR.EXE-30324980.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALERTAST.EXE-0300091F.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\ALG.EXE-275708CF.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\BLASTCLN.EXE-32F30471.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CCAPP.EXE-10E11A7C.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CCLEANER.EXE-09CFC2BC.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CCPWDSVC.EXE-27405C8C.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CCREGVFY.EXE-32D048B2.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CFGWIZ.EXE-145595C8.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CIDAEMON.EXE-01BEEBF3.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CISVC.EXE-3185911D.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANMGR.EXE-31B430FE.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\CONTROL.EXE-24FBF8B3.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-2858C7E2.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-38C3807C.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DSLAGENT.EXE-21C83774.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DSLSTAT.EXE-067892D1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-0AF2BF67.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-2C373FB7.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDO-SETUP.EXE-092A9B9E.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOCTRL.EXE-26F6347E.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EWIDOGUARD.EXE-073C0136.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-02121B1A.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASDTSERV.EXE-05A93754.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSERV.EXE-2AADC73F.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSERVALERT.EXE-14D71C0B.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GCASSWUPDATER.EXE-155C9806.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GIANTANTISPYWAREMAIN.EXE-1DBF5BC2.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\GIANTANTISPYWAREUPDATER.EXE-38B532E2.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPCTR.EXE-0BD5B31B.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HELPSVC.EXE-1C192440.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HKCMD.EXE-0F06AE14.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPHMON05.EXE-1C7A07AD.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQCMON.EXE-0A33F732.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQTRA08.EXE-014253AB.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPQWRG.EXE-075091D0.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPSYSDRV.EXE-2AB39D03.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZENG09.EXE-0847757B.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZIPM12.EXE-02312CF9.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\HPZSTC09.EXE-2AE3C4BB.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-2D97EBE6.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-201490BB.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\IS-H8ND2.TMP-21C9E9DD.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\KBD.EXE-0E231C6E.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGAGENT.EXE-2BE87CC2.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-24ADF392.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-312BE1BF.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LUALL.EXE-288D30C1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\LUCOMS~1.EXE-1DF6F3E9.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MAD.EXE-095DA577.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MATCLI.EXE-1F57CFD6.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MOFCOMP.EXE-266B2314.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MPBTN.EXE-08374FD1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSDTC.EXE-1D9D8668.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-330626DC.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIUTIL2.EXE-3943AD68.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-32139521.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NAVW32.EXE-32391D9E.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NMAIN.EXE-3A3D97F1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-2F2D61E1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\NWIZ.EXE-2D374245.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\OSA9.EXE-0C262942.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\PS2.EXE-23667557.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RECGUARD.EXE-16078673.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\REGEDIT.EXE-2AE3423E.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\REGSVR32.EXE-396DEA2C.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\REMIND_XP.EXE-372C5BFF.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RSTRUI.EXE-05C31B56.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3D540BCC.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3ECA5B52.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4142950D.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-419F288A.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-44D2B0C6.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4532DDE6.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B41185F.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4DED6A50.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4E54B04D.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4FF9832D.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-527366BD.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-55E8DFE1.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-60550A29.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-61254C57.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6A09524A.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6C26443B.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6E8D4657.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-6F69D339.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SAVSCAN.EXE-051DA123.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SECURITYSUITE.EXE-2EFD625D.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SGTRAY.EXE-31581176.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SHWICON2K.EXE-28715F0B.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SNMP.EXE-0DE66EDD.pf": Access is denied.
2005-07-31, 12:12:05, Could not set file for reading on "C:\WINDOWS\Prefetch\SNMPTRAP.EXE-36C11093.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPUPDSVC.EXE-07BA1E73.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD.EXE-1702AD5F.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SPYBOTSD14.EXE-2CE73C7D.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\SYSOCMGR.EXE-07A918BD.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-06144C13.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\TCPSVCS.EXE-1AE5906B.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UNREGMP2.EXE-0CFB0619.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-038CB280.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-0B60324B.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-10136E3F.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-12D77F59.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-13743D54.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-13D1B731.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-18BF92CA.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-1D6ADD37.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-25161ADB.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIADAP.EXE-32F99497.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-0D449B4F.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WSCNTFY.EXE-0B14C27D.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-1360D60A.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\WUPDMGR.EXE-08F70643.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\XOFTSPY.EXE-0035CD67.pf": Access is denied.
2005-07-31, 12:12:06, Could not set file for reading on "C:\WINDOWS\Prefetch\ZCLIENTM.EXE-2CFD74E5.pf": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Access is denied.
2005-07-31, 12:18:34, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-07-31, 12:18:35, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Access is denied.
2005-07-31, 12:18:35, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-07-31, 12:31:34, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN"...
2005-07-31, 13:22:40, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 12:31:35
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

71713 files have been read.
71713 files have been checked.
58641 files have been scanned.
128177 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:22:39
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:22:40, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 12:31:35
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

71713 files have been read.
71713 files have been checked.
58641 files have been scanned.
128177 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:22:39 50 minutes 59 seconds (3058.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:22:40, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 12:31:35
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

71713 files have been read.
71713 files have been checked.
58641 files have been scanned.
128177 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:22:39 50 minutes 59 seconds (3058.78 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:22:40, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-07-31, 13:24:00, Running scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN"...
2005-07-31, 13:31:07, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 13:24:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

9403 files have been read.
9403 files have been checked.
8429 files have been scanned.
15747 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:31:06
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:31:07, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 13:24:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

9403 files have been read.
9403 files have been checked.
8429 files have been scanned.
15747 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:31:06 7 minutes (420.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:31:07, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 7/31/2005 13:24:01
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 751 (105412 Patterns) (2005/07/28) (275100)
Command Line: C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\Owner\Desktop\Sysclean

9403 files have been read.
9403 files have been checked.
8429 files have been scanned.
15747 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/31/2005 13:31:06 7 minutes (420.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-31, 13:31:07, Scanner "C:\Documents and Settings\Owner\Desktop\Sysclean\VSCANTM.BIN" has finished running.

Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 14:34:04, 31/07/2005
+ Report-Checksum: 34FA25FB

+ Scan result:

C:\Documents and Settings\Owner\Cookies\owner@ehg-bskyb.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Anytime\SignupLt.exe/btwebcontrol.dll -> Dialer.Generic : Error during cleaning
C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Reinstall\SignupLt.exe/btwebcontrol.dll -> Dialer.Generic : Error during cleaning
C:\Program Files\Online Services\BTopenworldAnytime\Narrowband\Signup\Standard\SignupLt.exe/btwebcontrol.dll -> Dialer.Generic : Error during cleaning

::Report End

Thanks
Joanna

Joanna 0 Newbie Poster · Answer 2 · 2005-07-31T21:03:59+00:00

Hi

I have just used the Purityscan untinstaller and deleted file crash.txt. I then re-ran Xoftspy. This time it only found tracking cookies (won't allow me to save a log) so I have deleted cookies within internet options.

Do I need to do anything else to be sure its gone?

Here is my hijack, if it helps:

Logfile of HijackThis v1.99.1
Scan saved at 16:03:12, on 31/07/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
c:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\System32\hphmon05.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Multimedia Card Reader\shwicon2k.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: HP View - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\hpdtlk02.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] c:\Program Files\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NAV CfgWiz] c:\Program Files\Common Files\Symantec Shared\CfgWiz.exe /GUID NAV /CMDLINE "REBOOT"
O4 - HKLM\..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121264903078
O17 - HKLM\System\CCS\Services\Tcpip\..\{63AAA761-BAAF-4578-A155-D5E0BF0F24FB}: NameServer = 194.72.0.98 194.72.9.38
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service (ccPxySvc) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\ccPxySvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Personal Firewall Accounts Manager (NISUM) - Symantec Corporation - c:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

Joanna

swatkat 14 Practically a Master Poster · Answer 3 · 2005-08-01T00:22:50+00:00

Hi,

Download CWShredder, do not run it now.

Reboot in Safe Mode:-
Restart (or switch ON) the PC.
Then, keep tapping the F8 Key.
From the menu that will be displayed, out of which choose Safe Mode and press Enter.

Run CWShredder and click "Begin Removal".

After this, run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-gb10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-gb10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://gb10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gb10.hpwis.com/
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

Delete this file:-
C:\WINDOWS\ALCXMNTR.EXE

Reboot to Normal Mode. Run HijackThis again, click Do a System scan and save log, and post the fresh log. Also, scan with Xoftspy and post bac whether it's detecting any thing.

purityscan\clickspring location C:\crash.txt

Recommended Answers Collapse Answers

All 5 Replies

Recommended Answers