I can't get rid of TCPIP

Discussion in 'Windows - Virus and spyware problems' started by bran001, Feb 11, 2006.

  1. bran001

    hi.. pls help.

    I have a problem with tcpip. This file (or virus/spyware) is in C:\. It keeps coming there even if it is deleted by my Norton antivirus software. What can I do? Below is my log from HijackThis. Thanks for your co-operation.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:35:28, on 11/02/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\WINDOWS\System32\Wupdate.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Spyware Doctor\sdhelp.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Xfire\Xfire.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Brandon Pace\Desktop\hjt\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
    O4 - HKLM\..\Run: [Windows Workstation Update] Wupdate.exe
    O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\RunServices: [DGam prosessor] ccynabf.exe
    O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
    O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
    O4 - HKLM\..\RunServices: [Asn1 Security] msnmsgrs32.exe
    O4 - HKLM\..\RunServices: [Micropnp] Ms32.exe
    O4 - HKLM\..\RunServices: [intec Service Drivers] cfg32.exe
    O4 - HKLM\..\RunServices: [Windows Workstation Update] Wupdate.exe
    O4 - HKLM\..\RunServices: [Laordewin service] naaxsvmqo.exe
    O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
    O4 - HKCU\..\Run: [Windows Workstation Update] Wupdate.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
    O4 - HKCU\..\RunServices: [Asn1 Security] msnmsgrs32.exe
    O4 - HKCU\..\RunServices: [Micropnp] Ms32.exe
    O4 - HKCU\..\RunServices: [intec Service Drivers] cfg32.exe
    O4 - HKCU\..\RunServices: [Windows Workstation Update] Wupdate.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
    O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{4E214653-6434-46C0-B6BB-0355D6CEB2C9}: NameServer = 217.15.97.20 217.15.97.25
    O17 - HKLM\System\CS2\Services\Tcpip\..\{4E214653-6434-46C0-B6BB-0355D6CEB2C9}: NameServer = 217.15.97.20 217.15.97.25
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hr6q05j5e.dll (file missing)
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
     
  2. rav009

    ok fix these:

    C:\WINDOWS\System32\Wupdate.exe

    O4 - HKLM\..\RunServices: [Windows Workstation Update] Wupdate.exe

    O4 - HKLM\..\Run: [Windows Workstation Update] Wupdate.exe

    O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe

    O4 - HKLM\..\RunServices: [AdobeReaderPros]ww

    O4 - HKLM\..\RunServices: [Asn1 Security] msnmsgrs32.exe

    O4 - HKCU\..\RunServices: [Micropnp] Ms32.exe
    O4 - HKLM\..\RunServices: [Micropnp] Ms32.exe
    O4 - HKLM\..\RunServices: [Laordewin service] naaxsvmqo.exe
    (errm I'm not too sure on these, best leave it for now)

    O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
    O4 - HKCU\..\Run: [Windows Workstation Update] Wupdate.exe

    O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe

    O4 - HKCU\..\RunServices: [Asn1 Security] msnmsgrs32.exe

    O4 - HKCU\..\RunServices: [Windows Workstation Update] Wupdate.exe

    Now run scans with Ewido and Trend Micro or Panda.
    Here's the link:
    http://forums.afterdawn.com/thread_view.cfm/292257
    (you'll find everything there)

    Man, some of those are really dangerous viruses, worms, trojans and spyware.. what have you been on!! lol no seriously admit it so everyone can learn from this..

    Also go into Control Panel, Performance and Maintenance, and System Restore; disable System Restore, restart and enable it. We have to do this to stop them coming back..
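
Added example (not part of the original thread or of HijackThis): a Python sketch that triages the O4 autorun lines of a log like the one posted above. The heuristic names and the choice of sample lines are assumptions of this example; a flag means "look closer", not a verdict.

```python
import re
from collections import defaultdict

# Lines copied from the O4 (autorun) section of the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Windows Workstation Update] Wupdate.exe
O4 - HKLM\..\RunServices: [Micropnp] Ms32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Update] Wupdate.exe
O4 - HKCU\..\Run: [Windows Workstation Update] Wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [Micropnp] Ms32.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command>
O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[(.+?)\] (.+)$")

def parse_o4(log):
    """Yield (hive, key, name, command) for every O4 autorun line."""
    for line in log.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            yield m.groups()

def triage(log):
    """Return {(name, command): sorted reasons} for entries worth a closer look.
    Heuristics (assumptions of this example, not HijackThis verdicts):
      no_path     - command is a bare file name with no directory
      runservices - RunServices is a Win9x-era key, unexpected on an XP system
      multi_key   - same value name registered under more than one hive/key
    """
    entries = list(parse_o4(log))
    locations = defaultdict(set)
    for hive, key, name, _cmd in entries:
        locations[name].add((hive, key))
    flagged = {}
    for hive, key, name, cmd in entries:
        reasons = set()
        if "\\" not in cmd and "/" not in cmd:
            reasons.add("no_path")
        if key.lower() == "runservices":
            reasons.add("runservices")
        if len(locations[name]) > 1:
            reasons.add("multi_key")
        if reasons:
            flagged.setdefault((name, cmd), set()).update(reasons)
    return {entry: sorted(why) for entry, why in flagged.items()}

if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print(entry, why)
```
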




     
  3. bran001

    Hi, 10x for your help. But why did you say: What have you been on? I ran and fixed all those things you told me.. Now I'll wait and see if it works. 10x again and I will reply if it keeps coming.
     
  4. rav009

    Some of them are high risk things and I'm just thinking you (or your children) must've been on some next level sh** to get them. Well anyway, I s'pose it's all good as long as it fixes it. Make sure you run those scans I told you to..

    AND disable system restore and restart and enable it because they will be backed up on there and could return...
     
    Last edited: Feb 12, 2006
