HACKTOOL.ROOT KIT (hijackthis and sysclean log)

Question

BALAS009 0 Newbie Poster

19 Years Ago

HI
I did all the scans but still i am getting the message "Hacktool.rootkit virus found " but this time this message does not seems to come frequently but only when i access the "C:\Documentsandsettings\arunkumar\MSDIRECTX.sys".
Also my system performance has degraded eventhough I don't work my system CPU USAGE meter goes up by 90 to 100 percent that makes my system very slow.

I want to know, that MSDIRECTX.SYS cannot be deleted saying "Access DENIED" , this is because that this file has been accessed by some other application, is there any way that i can find what accessing the file. Can I delete any registry enteries but when i did for "MSdirectx.sys" and "xpjava" they seems to appear again when I reeboot my system. Ofcourse I have deleted the FmMpack32.exe and wsmsgs.exe
entries which i have found, is it OK. I have NORTON GO BACK, I want to know whether it stores any registry files.
Once more thing, Do u know the XP style taskbar which was now changed to WIN98 style taskbar, this happend after when i scanned but other applications are working good.
"CommonName" search and navigation software, which I installed can be used to remember my username password for each and every site. Is there any way that it affects my system cuz i have been using for three year and previously i was having such problems. U can visit www.commonname.com

I have posted the hijackthis log and sysclean log which is very big

Logfile of HijackThis v1.99.1
Scan saved at 12:38:35 PM, on 10/31/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\WordWeb\wweb32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Commander Pro\UPServ.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Commander Pro\UPS.EXE
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_BAND_SEARCHBAR_HTML
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.edulix.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?.home=msgr
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O2 - BHO: BitComet Toolbar Helper - {6A373B7E-496E-424f-A9BE-486A5E9AB018} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: BitComet Toolbar - {2E608F70-C430-4bc5-96F6-608E02EBA5B2} - C:\Program Files\BitComet Toolbar\v2.0.0.1\BitComet_Toolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Copernic Agent - {F2E259E8-0FC8-438C-A6E0-342DD80FA53E} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [SonicFocus] "C:\Program Files\Sonic Focus\SFIGUI\SFIGUI.EXE" BOOT
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 -noicon
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Startup: WordWeb.lnk = C:\Program Files\WordWeb\wweb32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &WordWeb... - res://C:\WINDOWS\wweb32.dll/lookup.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Search Using Copernic Agent - res://C:\Program Files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra 'Tools' menuitem: Launch Copernic Agent - {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Copernic Agent - {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - C:\PROGRA~1\COPERN~1\COPERN~1.EXE
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5CA42785-ABC3-11D2-9F81-00104B2225C5} (Immersion Web ActiveX Control) - http://www.immersion.com/plugins/ImmWeb.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - https://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: UPSmart - Unknown owner - C:\Program Files\Commander Pro\UPServ.exe

______________________________________________________________________________________________________________________________________________________________________SYSCLEAN LOG_________________________________

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/

2005-10-31, 04:03:42, Auto-clean mode specified.
2005-10-31, 04:03:42, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\TSC.BIN"...
2005-10-31, 04:04:58, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\TSC.BIN" has finished running.
2005-10-31, 04:04:58, TSC Log:

2005-10-31, 04:35:09, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Access is denied.
2005-10-31, 04:35:10, An error occurred while scanning file "C:\WINDOWS\system32\config\SYSTEM": Access is denied.
2005-10-31, 04:35:11, An error occurred while scanning file "C:\WINDOWS\system32\config\SOFTWARE": Access is denied.
2005-10-31, 04:35:11, An error occurred while scanning file "C:\WINDOWS\system32\config\DEFAULT": Access is denied.
2005-10-31, 04:35:11, An error occurred while scanning file "C:\WINDOWS\system32\config\security": Access is denied.
2005-10-31, 05:01:05, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Access is denied.
2005-10-31, 05:01:05, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Access is denied.
2005-10-31, 05:01:07, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-31, 05:01:07, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-31, 05:01:07, An error occurred while scanning file "C:\Documents and Settings\LocalService\NTUSER.DAT": Access is denied.
2005-10-31, 05:01:07, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Access is denied.
2005-10-31, 05:01:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-31, 05:01:08, An error occurred while scanning file "C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-31, 05:01:10, An error occurred while scanning file "C:\Documents and Settings\arunkumar\NTUSER.DAT": Access is denied.
2005-10-31, 05:01:10, An error occurred while scanning file "C:\Documents and Settings\arunkumar\msdirectx.sys": Access is denied.
2005-10-31, 05:01:10, An error occurred while scanning file "C:\Documents and Settings\arunkumar\ntuser.dat.LOG": Access is denied.
2005-10-31, 05:01:12, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Temp\~e5.0001.dir.0000\~efe2.tmp": Access is denied.
2005-10-31, 05:01:15, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat": Access is denied.
2005-10-31, 05:01:15, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbeam": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbeao": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbdam": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbdao": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbvmh.ht1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbvm.cf1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbm": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\fiih.ht1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\fii.cf1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\rpmh.ht1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\rpm.cf1": Access is denied.
2005-10-31, 05:01:20, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbu2d.ht1": Access is denied.
2005-10-31, 05:01:21, An error occurred while scanning file "C:\Documents and Settings\arunkumar\Local Settings\Application Data\Google\Google Desktop Search\dbc2e.ht1": Access is denied.
2005-10-31, 05:13:01, An error occurred while scanning file "C:\Documents and Settings\Administrator\msdirectx.sys": Access is denied.
2005-10-31, 05:16:20, An error occurred while scanning file "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll": Access is denied.
2005-10-31, 05:58:07, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN"...
2005-10-31, 07:20:21, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 05:58:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

C:\WINDOWS\system32\FmMPacK32.exe [WORM_RBOT.GEN]
64524 files have been read.
64524 files have been checked.
48635 files have been scanned.
167069 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:20:16
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:20:21, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 05:58:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

Success Clean [ WORM_RBOT.GEN]( 1) from C:\WINDOWS\system32\FmMPacK32.exe
64524 files have been read.
64524 files have been checked.
48635 files have been scanned.
167069 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:20:16 1 hour 21 minutes 55 seconds (4915.31 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:20:21, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 05:58:14
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

64524 files have been read.
64524 files have been checked.
48635 files have been scanned.
167069 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:20:16 1 hour 21 minutes 55 seconds (4915.31 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:20:21, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-10-31, 07:38:28, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN"...
2005-10-31, 07:52:55, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 07:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

22239 files have been read.
22239 files have been checked.
4561 files have been scanned.
22367 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:52:54
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:52:55, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 07:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

22239 files have been read.
22239 files have been checked.
4561 files have been scanned.
22367 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:52:54 14 minutes 12 seconds (851.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:52:55, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 07:38:31
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 D:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

22239 files have been read.
22239 files have been checked.
4561 files have been scanned.
22367 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 07:52:54 14 minutes 12 seconds (851.83 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 07:52:55, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-10-31, 08:55:09, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN"...
2005-10-31, 09:29:20, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 08:55:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

45533 files have been read.
45533 files have been checked.
41863 files have been scanned.
80903 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:29:18
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:29:20, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 08:55:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

45533 files have been read.
45533 files have been checked.
41863 files have been scanned.
80903 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:29:18 33 minutes 53 seconds (2033.80 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:29:20, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 08:55:19
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

45533 files have been read.
45533 files have been checked.
41863 files have been scanned.
80903 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:29:18 33 minutes 53 seconds (2033.80 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:29:20, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-10-31, 09:41:52, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN"...
2005-10-31, 09:49:28, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:42:03
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

5400 files have been read.
5400 files have been checked.
3829 files have been scanned.
34555 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:27
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:28, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:42:03
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

5400 files have been read.
5400 files have been checked.
3829 files have been scanned.
34555 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:27 7 minutes 22 seconds (442.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:28, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:42:03
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 F:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

5400 files have been read.
5400 files have been checked.
3829 files have been scanned.
34555 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:27 7 minutes 22 seconds (442.06 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:29, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN" has finished running.
2005-10-31, 09:49:33, Running scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN"...
2005-10-31, 09:49:44, Files Detected:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:49:41
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

88 files have been read.
88 files have been checked.
87 files have been scanned.
135 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:44
---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:44, Files Clean:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:49:41
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

88 files have been read.
88 files have been checked.
87 files have been scanned.
135 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:44 2 seconds (2.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:44, Clean Fail:
Copyright (c) 1990 - 2004 Trend Micro Inc.
Report Date : 10/31/2005 09:49:41
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 917 (111842 Patterns) (2005/10/27) (291700)
Command Line: C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 G:\*.* /P=C:\Documents and Settings\arunkumar\Desktop\Sysclean

88 files have been read.
88 files have been checked.
87 files have been scanned.
135 files have been scanned. (including files in archived)
0 files containing viruses.
Found 0 viruses totally.
Maybe 0 viruses totally.
Stop At : 10/31/2005 09:49:44 2 seconds (2.17 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-10-31, 09:49:44, Scanner "C:\Documents and Settings\arunkumar\Desktop\Sysclean\VSCANTM.BIN" has finished running.

windows-virus

3 Contributors
2 Replies
303 Views
3 Days Discussion Span
Latest Post 19 Years Ago Latest Post by swatkat

mikeandike22 18 Nearly a Posting Virtuoso

19 Years Ago

wat is this, C:\Program Files\WordWeb\wweb32.exe?

i have no idea you will have to wait for someone more knowlegable to come along, but i will give u my opinion on one thing i absolutley hate symantec and norton it is like hiring an army when all you need is a gun. Look at ur hjt log it is full wit all these extras and stuff, being smart about wat you do on the internet is the only real defense you need.

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

swatkat 14 Practically a Master Poster · Answer 1 · 2005-11-03T11:14:38+00:00

Hi,
First lets remove the Hacktool.rootkit virus, and then we can get back the XP default theme.

Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

O3 - Toolbar: CommonName - {A3E3F04C-F98C-4295-95EF-41C57425B077} - C:\Program Files\CommonName\Toolbar\CNBarIE.dll (file missing)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.

We have to search for "bad" files and delete them. Download WinPFind.ZIP and completely extract it to a folder. Then run WinPFind.exe and click "Start Scan". When the scan completes, click "Copy to Clipboard" button to copy the log it gives, and please post it here.