
[Fixed] Hijackthis! Logs - Error! Corrupt Data! (posted in the Security & Safety forums)

  #8  
Old 02-21-2008
Bronze Member
 
Join Date: Feb 2008
Posts: 7
PC Experience: Some Experience
Exclamation Re: Error! Corrupt Data!

Hi,

When I drag the Service Pack 2 onto ComboFix, it gives me an error!
The message is more or less this: "You try to execute file CSFscrip? The name CSFscrip seems to be typed incorrectly."

Can you give a brief explanation of why the Recovery Console is necessary?

Thanks in Advance,

MigasMike
Attached Images
File Type: jpg Combo_error.JPG (8.5 KB, 2 views)
File Type: jpg Combo_Windows.JPG (31.0 KB, 1 views)


  #9  
Old 02-21-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: Error! Corrupt Data!

I take it you are using the correct download for your system, XP Pro? You asked why you need the Recovery Console? Well, if anything goes wrong you can't do a recovery to get your system up and running again.


__________________
  • An Australian Member of
  • and
My real name is Eddy

Last edited by Pancake; 02-21-2008 at 02:59 AM.
  #10  
Old 02-21-2008
Bronze Member
 
Join Date: Feb 2008
Posts: 7
PC Experience: Some Experience
Default Re: Error! Corrupt Data!

Originally Posted by Pancake View Post
I take it you are using the correct download for your system, XP Pro? You asked why you need the Recovery Console? Well, if anything goes wrong you can't do a recovery to get your system up and running again.
Hi,

Yes, I'm using the Service Pack 2 for Windows (Portuguese version), like the OS that I installed.

Thanks,

MigasMike


  #11  
Old 02-21-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: Error! Corrupt Data!

Please copy this page to *Notepad* and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.
It's IMPORTANT to carry out the instructions in the sequence listed below.
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Open *notepad* and copy/paste the text in the quotebox below into it:


File::
F:\UFO.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d8c0c6-a31e-11dc-9537-001279670118}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9a86a5c-df4f-11d9-93c3-001279670118}]

Save this as CFScript.txt, in the same location as ComboFix.exe which is on the Desktop.


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt
Please copy and paste the ComboFix.txt along with a fresh HijackThis log in your next reply please.

*Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall*


  #12  
Old 02-26-2008
Bronze Member
 
Join Date: Feb 2008
Posts: 7
PC Experience: Some Experience
Exclamation Re: Error! Corrupt Data!

Hi,

I followed the instructions, and the new logs are here:

ComboFix 08-02-18.1 - Raiz7 2008-02-26 8:35:32.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.2070.18.521 [GMT 0:00]
Executando de: C:\Documents and Settings\Raiz7\Ambiente de trabalho\ComboFix.exe
Command switches used :: C:\Documents and Settings\Raiz7\Ambiente de trabalho\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\UFO.exe
.

((((((((((((((((((((((( Ficheiros criados de 2008-01-26 to 2008-02-26 ))))))))))))))))))))))))))))))))
.

2008-02-18 12:09 . 2008-02-18 12:09 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-02-18 11:46 . 2008-02-18 11:46 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-15 10:52 . 2004-08-03 23:00 8,192 --a------ C:\WINDOWS\system32\drivers\changer.sys
2008-02-15 10:52 . 2004-08-03 23:00 8,192 --a--c--- C:\WINDOWS\system32\dllcache\changer.sys
2008-02-15 10:51 . 2008-02-18 13:44 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\PrevxCSI
2008-02-12 10:17 . 2008-02-20 15:07 <DIR> d-------- C:\Programas\SUPERAntiSpyware
2008-02-12 10:17 . 2008-02-20 15:07 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\SUPERAntiSpyware.com
2008-02-12 10:17 . 2008-02-12 10:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-08 10:30 . 2008-02-08 08:28 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-02-08 08:27 . 2008-02-11 08:08 <DIR> d-------- C:\Documents and Settings\Raiz7\.housecall6.6
2008-02-08 08:06 . 2008-02-08 08:18 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-08 08:06 . 2008-02-08 08:06 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-08 08:06 . 2008-02-08 08:06 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-02-08 08:06 . 2008-02-08 08:06 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-02-04 11:13 . 2008-02-06 10:10 <DIR> d-------- C:\Documents and Settings\Raiz7\Application Data\AdobeUM

.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 08:31 --------- d-----w C:\Programas\Spybot - Search & Destroy
2008-02-26 08:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-26 08:30 --------- d-----w C:\Programas\Ficheiros comuns\Symantec Shared
2008-02-25 13:22 --------- d-----w C:\Programas\Norton SystemWorks
2008-02-20 15:07 --------- d-----w C:\Documents and Settings\Raiz7\Application Data\Lavasoft
2008-02-18 13:44 --------- d-----w C:\Programas\UltraVNC
2008-02-15 11:50 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-04 10:38 --------- d-----w C:\Programas\Ficheiros comuns\Adobe
2008-01-17 16:11 --------- d-----w C:\Programas\R
2008-01-15 09:54 10,537 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.cat
2008-01-15 05:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-01-12 18:32 23,904 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-01-11 14:45 --------- d-----w C:\Programas\HP
2008-01-11 14:45 --------- d-----w C:\Programas\Ficheiros comuns\HP
2008-01-09 10:28 --------- d-----w C:\Documents and Settings\Raiz7\Application Data\HP
2008-01-08 14:55 --------- d-----w C:\Programas\MultiqtlComplete V2.6
2008-01-08 14:52 --------- d-----w C:\Programas\Ficheiros comuns\Aladdin Shared
2008-01-08 14:51 6,656 ----a-w C:\WINDOWS\system32\haspvdd.dll
2008-01-08 14:51 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
2007-12-27 15:51 --------- d-----w C:\Programas\Google
2007-12-27 13:12 --------- d-----w C:\Programas\Java
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-05 08:38 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-04 18:40 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* entradas vazias & legítimas por defeito não são mostradas.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 12:00 15360]
"swg"="C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-12-27 14:44 171448]
"WMPNSCFG"="C:\Programas\Windows Media Player\WMPNSCFG.exe" [2007-01-05 19:08 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="C:\Programas\Analog Devices\SoundMAX\SMTray.exe" [2003-07-30 08:08 143360]
"RoxioEngineUtility"="C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe" [2003-05-01 17:44 65536]
"RoxioDragToDisc"="C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2005-05-10 17:11 868352]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36 114688]
"SunJavaUpdateSched"="C:\Programas\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"ccApp"="C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe" [2007-01-09 21:59 115816]
"osCheck"="C:\Programas\Norton AntiVirus\osCheck.exe" [2006-09-06 02:22 26248]
"Symantec PIF AlertEng"="C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]
"HP Software Update"="C:\Programas\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
"NSWosCheck"="C:\Programas\Norton SystemWorks\osCheck.exe" [2007-12-03 01:41 25472]

C:\Documents and Settings\All Users\Menu Iniciar\Programas\Arranque\
Acrobat Assistant.lnk - C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
HP Digital Imaging Monitor.lnk - C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]
InterVideo WinCinema Manager.lnk - C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe [2005-05-07 14:36:33 110592]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

R2 aksfridge;HASP Fridge;C:\WINDOWS\system32\DRIVERS\aksfridge.sys [2007-05-28 10:02]
R2 EZUSB;AnchorChips General Purpose USB Driver (ezusb.sys);C:\WINDOWS\system32\Drivers\ezusb.sys [2003-07-22 00:29]
R2 hasplms;HASP License Manager;C:\WINDOWS\system32\hasplms.exe [2007-08-09 14:58]
R2 pgsql-8.1;PostgreSQL Database Server 8.1;C:\Programas\PostgreSQL\8.1\bin\pg_ctl.exe runservice -N "pgsql-8.1" []
R3 NPDriver;Norton UnErase Protection Driver;C:\WINDOWS\system32\Drivers\NPDRIVER.SYS [2006-10-10 13:17]
S3 akshhl;Aladdin HASP HL Key;C:\WINDOWS\system32\DRIVERS\akshhl.sys [2007-07-23 16:12]
S3 SDdriver;SDdriver;C:\WINDOWS\system32\Drivers\sddriver.sys [2005-11-04 02:43]
S3 Symantec RemoteAssist;Symantec RemoteAssist;"C:\Programas\Ficheiros comuns\Symantec Shared\Support Controls\ssrc.exe" [2008-01-29 16:09]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{42d8c0c6-a31e-11dc-9537-001279670118}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8b5c31a0-8164-11dc-951a-001279670118}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a9a86a5c-df4f-11d9-93c3-001279670118}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

.
Conteúdo da pasta 'Tarefas Agendadas'
"2008-02-11 08:08:29 C:\WINDOWS\Tasks\Norton AntiVirus - Run Full System Scan - Raiz7.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/TASK:
"2008-02-25 13:22:53 C:\WINDOWS\Tasks\Norton SystemWorks One Button Checkup.job"
- C:\Programas\Norton SystemWorks\OBC.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-26 08:37:23
Windows 5.1.2600 Service Pack 2 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros ocultos ...

Varredura completada com sucesso
Ficheiros ocultos: 0

**************************************************************************
.
Tempo para conclusão: 2008-02-26 8:38:24
ComboFix2.txt 2008-02-18 12:17:23
.
2008-02-15 03:00:35 --- E O F ---

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 8:40:50, on 26-02-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
C:\Programas\Ficheiros comuns\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\hasplms.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programas\Ficheiros comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
C:\Programas\RealVNC\VNC4\WinVNC4.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programas\Analog Devices\SoundMAX\SMTray.exe
C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programas\Java\jre1.6.0_03\bin\jusched.exe
C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe
C:\Programas\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Programas\Windows Media Player\WMPNSCFG.exe
C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Programas\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Raiz7\Ambiente de trabalho\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Welcome to ITQB — ITQB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Live Search
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Live Search
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = Microsoft Windows Update
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programas\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programas\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programas\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Smapp] C:\Programas\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Programas\Ficheiros comuns\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Programas\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_03\bin\jusched.exe "
O4 - HKLM\..\Run: [ccApp] "C:\Programas\Ficheiros comuns\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Programas\Norton AntiVirus\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [HP Software Update] C:\Programas\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NSWosCheck] C:\Programas\Norton SystemWorks\osCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programas\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Programas\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Programas\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programas\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Programas\InterVideo\Common\Bin\WinCinemaMgr.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra 'Tools' menuitem: Express Cleanup - {5E638779-1818-4754-A595-EF1C63B87A56} - C:\Programas\Norton SystemWorks\Norton Cleanup\WCQuick.lnk
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1115410714603
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0BB0B5-119C-48DE-BC67-9A92893F7CA7}: Domain = itqb.unl.pt
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD0BB0B5-119C-48DE-BC67-9A92893F7CA7}: NameServer = 193.136.176.16,193.136.176.15
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = itqb.unl.pt
O20 - Winlogon Notify: !SASWinLogon - C:\WINDOWS\
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon da cache de categorias dos componentes - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Programas\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programas\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Programas\Norton AntiVirus\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Norton UnErase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
O23 - Service: PostgreSQL Database Server 8.1 (pgsql-8.1) - PostgreSQL Global Development Group - C:\Programas\PostgreSQL\8.1\bin\pg_ctl.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programas\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Programas\Ficheiros comuns\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Programas\Ficheiros comuns\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Programas\Ficheiros comuns\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Programas\UltraVNC\winvnc.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - C:\Programas\RealVNC\VNC4\WinVNC4.exe

--
End of file - 10217 bytes


Thanks,

MigasMike
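
Added example (not part of the original thread, and not ComboFix's own code): a small Python parser that reads the MountPoints2 section of a ComboFix log, finds the keys whose Shell\Auto or Shell\AutoRun command references a given file, and emits the matching CFScript text in the File::/Registry:: form shown in post #11. The sample log and its GUIDs are constructed; the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the MountPoints2 section of a ComboFix log.
# The GUIDs are placeholders, not values from any real machine.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000001}]
\Shell\Auto\command - UFO.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL UFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000002}]
\Shell\AutoRun\command - F:\setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-aaaa-bbbb-cccc-000000000003}]
\Shell\AutoRun\command - ufo.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
VERB_RE = re.compile(r"^\\Shell\\([^\\]+)\\command\s+-\s+(.+?)\s*$", re.IGNORECASE)


def parse_mountpoints2(log_text):
    """Return {registry_key: [(verb, command), ...]} for MountPoints2 keys only."""
    entries, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            key = key_match.group(1)
            # Only per-volume autorun keys are of interest; skip other sections.
            if "\\explorer\\mountpoints2\\" in key.lower():
                current = key
                entries.setdefault(current, [])
            else:
                current = None
            continue
        verb_match = VERB_RE.match(line)
        if verb_match and current is not None:
            entries[current].append((verb_match.group(1), verb_match.group(2)))
    return entries


def references(command, filename):
    """True if any token of the command has exactly this base name (case-insensitive).

    Comparing base names avoids substring false positives such as NotUFO.exe.
    """
    tokens = [t for t in re.split(r'[\s,"]+', command) if t]
    wanted = filename.lower()
    return any(t.rsplit("\\", 1)[-1].lower() == wanted for t in tokens)


def build_cfscript(log_text, file_path):
    """Return (matching_keys, cfscript_text) for the file named in file_path."""
    name = file_path.rsplit("\\", 1)[-1]
    keys = [key for key, commands in parse_mountpoints2(log_text).items()
            if any(references(cmd, name) for _, cmd in commands)]
    lines = ["File::", file_path, "", "Registry::"]
    lines += ["[-%s]" % key for key in keys]
    return keys, "\n".join(lines) + "\n"


if __name__ == "__main__":
    found, script = build_cfscript(SAMPLE_LOG, r"F:\UFO.exe")
    print(script)
```

Running the same function over a fresh ComboFix.txt after the script has been applied shows whether any MountPoints2 key still references the file.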


  #13  
Old 02-26-2008
Senior Security Analyst
 
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru
Default Re: Error! Corrupt Data!

How are things running now? It looks like all the malware has been removed.


  #14  
Old 04-01-2008
Bronze Member
 
Join Date: Feb 2008
Posts: 7
PC Experience: Some Experience
Thumbs up Re: Error! Corrupt Data!

Originally Posted by Pancake View Post
How are things running now? It looks like all the malware has been removed.
It's running OK! Please close this post.
Thank You.

MigasMike


