User User name Password  
   
Wednesday 27.11.2024 / 18:17
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > i can't get rid of tcpip
Show topics
 
Forums
Forums
i can't get rid of TCPIP
  Jump to:
 
Posted Message
bran001
Newbie
_
11. February 2006 @ 05:41 _ Link to this message    Send private message to this user   
hi.. pls help.

I have a problem with tcpip. This file (or virus/spyware)is in C:\. It keeps coming there even if it is deleted by my norton antivirus software.. What can i do? Below is my log from HijackThis. Thanks for your co-operation.

Logfile of HijackThis v1.99.1
Scan saved at 16:35:28, on 11/02/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\System32\Wupdate.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Xfire\Xfire.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Brandon Pace\Desktop\hjt\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [Windows Workstation Update] Wupdate.exe
O4 - HKLM\..\Run: [Gtwatch] C:\WINDOWS\gtwatch.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\RunServices: [DGam prosessor] ccynabf.exe
O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKLM\..\RunServices: [AdobeReaderPros] sysmsn.exe
O4 - HKLM\..\RunServices: [Asn1 Security] msnmsgrs32.exe
O4 - HKLM\..\RunServices: [Micropnp] Ms32.exe
O4 - HKLM\..\RunServices: [intec Service Drivers] cfg32.exe
O4 - HKLM\..\RunServices: [Windows Workstation Update] Wupdate.exe
O4 - HKLM\..\RunServices: [Laordewin service] naaxsvmqo.exe
O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
O4 - HKCU\..\Run: [Windows Workstation Update] Wupdate.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe
O4 - HKCU\..\RunServices: [Asn1 Security] msnmsgrs32.exe
O4 - HKCU\..\RunServices: [Micropnp] Ms32.exe
O4 - HKCU\..\RunServices: [intec Service Drivers] cfg32.exe
O4 - HKCU\..\RunServices: [Windows Workstation Update] Wupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/packages/GSManager.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by13fd.bay13.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E214653-6434-46C0-B6BB-0355D6CEB2C9}: NameServer = 217.15.97.20 217.15.97.25
O17 - HKLM\System\CS2\Services\Tcpip\..\{4E214653-6434-46C0-B6BB-0355D6CEB2C9}: NameServer = 217.15.97.20 217.15.97.25
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: SMDEn - C:\WINDOWS\system32\hr6q05j5e.dll (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\BRANDO~1\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Brandon P.
Senior Member
_
12. February 2006 @ 01:56 _ Link to this message    Send private message to this user   
ok fix theese:

C:\WINDOWS\System32\Wupdate.exe

O4 - HKLM\..\RunServices: [Windows Workstation Update] Wupdate.exe

O4 - HKLM\..\Run: [Windows Workstation Update] Wupdate.exe

O4 - HKLM\..\RunServices: [win msdt service] mswindtc.exe

O4 - HKLM\..\RunServices: [AdobeReaderPros]ww

O4 - HKLM\..\RunServices: [Asn1 Security] msnmsgrs32.exe

O4 - HKCU\..\RunServices: [Micropnp] Ms32.exe
O4 - HKLM\..\RunServices: [Micropnp] Ms32.exe
O4 - HKLM\..\RunServices: [Laordewin service] naaxsvmqo.exe
(errm i'm not to sure on theese , best leave it for now)

O4 - HKLM\..\RunServices: [Windows update adbpro] update32.exe
O4 - HKCU\..\Run: [Windows Workstation Update] Wupdate.exe

O4 - HKCU\..\RunServices: [win msdt service] mswindtc.exe

O4 - HKCU\..\RunServices: [Asn1 Security] msnmsgrs32.exe

O4 - HKCU\..\RunServices: [Windows Workstation Update] Wupdate.exe

now run scans with Ewido and trend micro or panda.
heres the link
http://forums.afterdawn.com/thread_view.cfm/292257
(youll find everythinh there)

man some of thoose are realy dangerous viruses, worms, trojans and spyware..what have you been on!! lol no seriously admit it so everyone can learn from this..

also go into control panel performance and maintenence and system restore, disable system restore restart and enable it, we have to do this stop stop them comming back..






Yours Truly; Rav
BitTorrent Safety Guide: http://forums.afterdawn.com/thread_view.cfm/395674
Free Security Software: http://forums.afterdawn.com/thread_view.cfm/292257
The cleverest of all, in my opinion, is the man who calls himself a fool at least once a month. - Fyodor Dostoevsky
bran001
Newbie
_
12. February 2006 @ 02:06 _ Link to this message    Send private message to this user   
hi 10x for your help. But why did you say :What have you been on? i run a fixed all those things you told me.. now i'll wait and see if it works. 10x again and i will reply if it keeps coming.

Brandon P.
Advertisement
_
__
 
_
Senior Member
_
12. February 2006 @ 02:09 _ Link to this message    Send private message to this user   
some of them are high risk things and im just thinking you(or your children) must've been on some next level sh** to get them, well anyway i spose its all good as long as it fixes it, make sure you run thoose scans i told you too..

AND disable system restore and restart and enable it because they will be backed up on there and could return...

Yours Truly; Rav
BitTorrent Safety Guide: http://forums.afterdawn.com/thread_view.cfm/395674
Free Security Software: http://forums.afterdawn.com/thread_view.cfm/292257
The cleverest of all, in my opinion, is the man who calls himself a fool at least once a month. - Fyodor Dostoevsky

This message has been edited since posting. Last time this message was edited on 12. February 2006 @ 02:11

afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > i can't get rid of tcpip
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2024 by AfterDawn Ltd.

  IDG TechNetwork