0

when i try to open control panel an error message pops up saying i cannot enter because im not administrator but i am log on as administrator. i also cannot open my properties either. Here is my log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 오후 12:19:48, on 2007-08-22
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Programs\Ad-Aware\aawservice.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\QuickTime\qttask.exe
D:\Programs\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\rsvp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\winlogon.exe
C:\Documents and Settings\Administrator\바탕 화면\HiJackThis.exe

O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programs\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [iCall Internet Phone] "D:\Programs\icall\iCall\iCall\iCall.exe" /startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] "d:\programs\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Programs\Daemon\DAEMON Tools\daemon.exe" -lang 1033 -noicon
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] ctfmon.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [ctfmon.exe] ctfmon.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-484763869-1085031214-682003330-1004\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'James')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: 플래쉬겟으로 모두 받기 - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: 플래쉬겟으로 받기 - C:\PROGRA~1\FlashGet\jc_link.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Programs\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Programs\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=www.naver.com
O16 - DPF: {072039AB-2117-4ED5-A85F-9B9EB903E021} (NowStarter Control) - http://www.clubbox.co.kr/neo.fld/NowStarter.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.crezio.com/test/leeyunho/AlwaysOn/AlwaysOn.CAB
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {325AB8C2-1609-4040-948F-697D52D4CF2B} -
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programs\Ad-Aware\aawservice.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod 서비스 (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe

--
End of file - 7566 bytes

2
Contributors
5
Replies
6
Views
9 Years
Discussion Span
Last Post by gerbil
0

The first one I find interesting [the O14 entry]- do you use this site? If you are happy with it, drop it from the fix list:

O14 - IERESET.INF: START_PAGE_URL=www.naver.com
O16 - DPF: {325AB8C2-1609-4040-948F-697D52D4CF2B} -
O20 - AppInit_DLLs: C:\WINDOWS\system32\hrum455.txt

Start hijackthis, select Scan Only, place checkmarks against all the entries listed above that still exist, and then press Fix Checked.
Good, now delete this file:
C:\WINDOWS\system32\hrum455.txt
If it plays hard, delete it in safe mode or use this:
==This one is a general purpose deleter, Unlocker 1.8.5: http://filehippo.com/download_unlocker/
Dclick the exe to install it, unchecking the updater and assistant boxes. It runs from the rclick context menu, and that is cool.
With this tool you can either unlock a file and delete it normally, or use delete from the drop down menu.
Say how your sys is...

0

thanks alot! but theres still an issue with my control panel and properties, my control panel completely disappeared from my start button and it wont allow me to access my properties

0

Please run this to follow up.
==Download this file to your desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- to run it dclick combofix.exe and follow the prompts to start it. When finished, it will produce a log, C:\Combofix.txt - post that log in your next reply.
A word of caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.
You may as well do this also: Reg keys/batch file text
==Please copy the text between the lines to a notepad and save as showkey.bat, as type "all files", to your desktop; dclick it to run, then post the file C:\showkey.txt
__________________________________________________________
reg query "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
__________________________________________________________

0

Oh Wow! thanks a bunch, i can finally open it! heres my log though!
((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-08-19 14:48 806 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-08-19 14:48 8014 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-08-15 17:35 --------- d-------- C:\Program Files\FlashGet
2007-08-15 00:12 --------- d-------- C:\Program Files\Windows Live Safety Center
2007-08-01 21:24 77824 --a------ C:\WINDOWS\system32\nod.dll
2007-07-30 21:06 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-28 19:20 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-28 19:20 --------- d-------- C:\DOCUME~1\ADMINI~1\APPLIC~1\Lavasoft
2007-07-28 19:19 --------- d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-07-01 10:39 247808 --a------ C:\WINDOWS\system32\npscan.dll
2004-10-01 02:00 40960 --a------ C:\Program Files\Uninstall_CDS.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-13 20:11]
"SoundMAX"="C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" [2004-09-22 23:41]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="D:\Programs\iTunesHelper.exe" [2007-03-14 19:05]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-03-24 05:11]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48]
"iCall Internet Phone"="D:\Programs\icall\iCall\iCall\iCall.exe" [2007-07-14 00:27]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-02 23:04]
"osCheck"="C:\Program Files\Norton AntiVirus\osCheck.exe" [2006-09-05 17:22]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 08:00]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54]
"Steam"="d:\programs\steam\steam.exe" [2007-06-29 10:53]
"DAEMON Tools"="D:\Programs\Daemon\DAEMON Tools\daemon.exe" [2007-04-03 18:29]

C:\DOCUME~1\ADMINI~1\시작메~1\프로그램\시작프~1\
OneNote 2007 Screen Clipper and Launcher.lnk - D:\Programs\Microsoft 2007\Office12\ONENOTEM.EXE [2006-10-26 20:24:54]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoInstrumentation"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoChangeAnimation"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"=0 (0x0)
"NoInstrumentation"=1 (0x1)
"NoSMConfigurePrograms"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)
"NoChangeAnimation"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LGODDFU]
"C:\Program Files\lg_fwupdate\fwupdate.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"

R3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys
S1 LIKECDN2;LIKECDN2;C:\WINDOWS\system32\DRIVERS\LIKECDN2.sys
S1 LIKECDN3;LIKECDN3;C:\WINDOWS\system32\DRIVERS\LIKECDN3.sys
S1 XSPACEW3;XSPACEW3;\??\C:\WINDOWS\system32\drivers\XSpaceW3.sys
S3 XDva004;XDva004;\??\C:\WINDOWS\system32\XDva004.sys

*Newly Created Service* - CATCHME

Contents of the 'Scheduled Tasks' folder
2007-08-23 18:24:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
2007-08-25 00:53:27 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Administrator.job - C:\PROGRA~1\NORTON~1\Navw32.exe

**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-08-26 23:07:57
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-08-26 23:08:32
C:\ComboFix-quarantined-files.txt ... 2007-08-26 23:08

--- E O F ---

Thanks a BUNCH!!

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.