| Thread ID: 93689 | 2008-09-27 10:47:00 | Advir virus ????? my boss will shoot me ..not able to open drives .. help me? | Amit Beniwal (14213) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 708237 | 2008-09-27 10:47:00 | This is my Trend Micro HijackThis log report... please suggest what to do.. //////////////////////////////////////////////////////// Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 3:31:28 PM, on 27/09/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\PDF Complete\pdfsvc.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\hijack.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\cmd.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.88.1.200:443 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 10.*.*.*;*.adhaar.hr.gov.in;<local> O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{6AB44708-6BA6-4261-92F6-61CD5A5B1DFA}: NameServer = 10.88.1.10,10.88.1.11 O17 - 
HKLM\System\CS1\Services\Tcpip\..\{6AB44708-6BA6-4261-92F6-61CD5A5B1DFA}: NameServer = 10.88.1.10,10.88.1.11 O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O24 - Desktop Component 0: (no name) - (no file) -- End of file - 3645 bytes |
Amit Beniwal (14213) | ||
| 708238 | 2008-09-27 17:00:00 | It's not bad. Install something better than Symantec (Avast Home - free, or NOD32 (you pay for it)). Tick these then tick fix checked. Close browsers. O24 - Desktop Component 0: (no name) - (no file) Uninstall all versions of Java, yours is out of date. Link below. Get Malwarebytes and Trojan Remover in my sig below. Update both then scan. See what they pick up / remove. |
Speedy Gonzales (78) | ||
| 708239 | 2008-09-28 06:03:00 | C:\hijack.exe ?? |
apsattv (7406) | ||
| 708240 | 2008-09-28 18:50:00 | apsattv - C:\hijack.exe is probably HijackThis itself. ;) | pcuser42 (130) | ||
| 708241 | 2008-09-29 05:44:00 | Runs from here though on my machine and note the filename "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" |
apsattv (7406) | ||