Hi, hope I'm doing this right as it's my first post.
I have (had) a problem whereby I couldn't open cmd or taskmgr because it said "already in use". I did a search on Google and I found it could be because of some svchost.exe? I also found a link to this forum.
I read through the '5 steps before posting' thread and found that after I had done step 2 (the Panda scan) I was able to open cmd and taskmgr again! However, the Panda scan said I had over 1000 viruses, so I thought I'd carry on with this post to see if I can delete these viruses properly, as I'm not sure now if they're gone for good or not.
I'm not sure if I need to post a HijackThis result or if the Panda scan result and dss.exe scan results are all I need.
Please let me know if I have any viruses and how I can delete them, and also if you want me to post anything else or do some more scans etc.
**I read in the '5 steps' that I should post the 2 scan results and attach the extra.txt, but after just trying it said that my post is too big, so I've had to attach both the extras and the Panda results; hope that's OK.
Also, the Panda scan found hundreds of films and things in a setup.exe format, and I don't know what they are or how to delete them.
Thanks!!
Here is the result of the main dss.exe scan:
Deckard's System Scanner v20070809.63
Run by Gerry Hill on 2007-08-10 at 19:20:11
Computer is in Normal Mode.
--------------------------------------------------------------------------------
-- System Restore --------------------------------------------------------------
Successfully created a Deckard's System Scanner Restore Point.
-- Last 5 Restore Point(s) --
11: 2007-08-10 18:20:27 UTC - RP940 - Deckard's System Scanner Restore Point
10: 2007-08-10 17:32:57 UTC - RP939 - System Checkpoint
9: 2007-08-08 19:46:30 UTC - RP938 - System Checkpoint
8: 2007-07-31 17:49:02 UTC - RP937 - System Checkpoint
7: 2007-07-30 17:09:56 UTC - RP936 - System Checkpoint
-- First Restore Point --
1: 2007-07-24 19:18:11 UTC - RP930 - System Checkpoint
Backed up registry hives.
Performed disk cleanup.
-- HijackThis (run as Gerry Hill.exe) ------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 19:21:37, on 10/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\F5D7051\WLService.exe
C:\Program Files\Belkin\F5D7051\WLanCfgG.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Gerry Hill\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Gerry Hill.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: (no name) - {C1B4DEC2-2623-438e-9CA2-C9043AB28508} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [explore] "C:\WINDOWS\EXPLORE.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} - http://activex.camfrogweb.com/advanc...instmodule.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mymusic80.spaces.msn.com//Pho...d/MsnPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Belkin High-Speed Mode Wireless G USB Driver (Belkin High-Speed Mode Wireless G USB Network Adapter Service) - Unknown owner - C:\Program Files\Belkin\F5D7051\WLService.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-- File Associations -----------------------------------------------------------
All associations okay.
-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------
R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.2.0.3) - c:\windows\system32\drivers\aegisp.sys <Not Verified; Meetinghouse Data Communications; AEGIS Client 3.2.0.3>
R2 CdaC15BA - c:\windows\system32\drivers\cdac15ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R2 enodpl - c:\windows\system32\drivers\enodpl.sys
R2 JiaoCap (JiaoCap, WDM Video Capture for VCDCut) - c:\windows\system32\drivers\jiaocap.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
R2 JiaoIO - c:\windows\system32\drivers\jiaoio.sys <Not Verified; Microsoft Corporation; Microsoft(R) Windows NT(R) Operating System>
R2 MASPINT - c:\windows\system32\drivers\maspint.sys <Not Verified; MicroStaff Co.,Ltd.; Aspi32 Driver for WinNT>
R2 tandpl - c:\windows\system32\drivers\tandpl.sys
R3 cmuda (C-Media WDM Audio Interface) - c:\windows\system32\drivers\cmuda.sys <Not Verified; C-Media Inc; C-Media Audio Driver (WDM)>
R3 GTNDIS5 (GTNDIS5 NDIS Protocol Driver) - c:\windows\system32\gtndis5.sys <Not Verified; Printing Communications Assoc., Inc. (PCAUSA); PCAUSA Rawether for Windows>
R3 NTIDrvr (Upper Class Filter Driver) - c:\windows\system32\drivers\ntidrvr.sys <Not Verified; NewTech Infosystems, Inc.; >
R3 SPLITCAM (Splitcam, WDM Camera Stream Splitter) - c:\windows\system32\drivers\splitcam.sys <Not Verified; LoteSoft Co.; Video Capture Splitter driver>
S2 TTELL (TTell WDM Video Capture) - c:\windows\system32\drivers\ttell.sys
S2 VirtualCam (VirtualCamera) - c:\windows\system32\drivers\virtualcam.sys <Not Verified; MorningSound Co., Ltd.; MorningSound VirtualCamera>
S3 adxapie - c:\docume~1\gerryh~1\locals~1\temp\adxapie.sys (file missing)
S3 alcan5wn (Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)) - c:\windows\system32\drivers\alcan5wn.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
S3 alcaudsl (Alcatel Speed Touch ADSL Modem ATM Transport) - c:\windows\system32\drivers\alcaudsl.sys <Not Verified; THOMSON multimedia; SpeedTouch USB>
S3 autorun - c:\huadio.tmp (file missing)
S3 AVWLP_USB (WLAN PRISM USB Driver) - c:\windows\system32\drivers\avwlpusb.sys (file missing)
S3 DCamUSBSQTECH (Dual-Mode DSC(2770)) - c:\windows\system32\drivers\sqcaptur.sys <Not Verified; Service & Quality Technology.; SQ913>
S3 dptrackerd (Tracker Driver) - c:\windows\system32\drivers\dptrackerd.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
S3 SYMIDSCO - c:\progra~1\common~1\symant~1\symcdata\ids-di~1\20070628.004\symidsco.sys (file missing)
-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------
R2 Belkin High-Speed Mode Wireless G USB Network Adapter Service (Belkin High-Speed Mode Wireless G USB Driver) - c:\program files\belkin\f5d7051\wlservice.exe
S2 C-DillaCdaC11BA - c:\windows\system32\drivers\cdac11ba.exe (file missing)
S3 ServiceLayer - "c:\program files\common files\pcsuite\services\servicelayer.exe" <Not Verified; Nokia.; PC Connectivity Solution>
-- Device Manager: Disabled ----------------------------------------------------
No disabled devices found.
-- Files created between 2007-07-10 and 2007-08-10 -----------------------------
2007-08-10 19:16:15 0 d-------- C:\Program Files\SpywareBlaster
2007-08-10 17:53:19 0 d-------- C:\WINDOWS\system32\ActiveScan
2007-08-10 17:53:16 0 d-------- C:\WINDOWS\LastGood
2007-07-25 18:59:02 0 d-------- C:\Program Files\FileDeleter
-- Find3M Report ---------------------------------------------------------------
2007-08-10 19:21:37 0 d-------- C:\Program Files\Hijack This
2007-08-10 18:24:21 0 d-------- C:\Program Files\QuickTime
2007-08-10 18:24:15 0 d-------- C:\Program Files\PeDevice
2007-08-10 18:18:22 0 d-------- C:\Program Files\Common Files\{F0CDC6E7-077C-1033-0221-03111803002c}
2007-08-10 18:18:13 0 d-------- C:\Program Files\Common Files\Symantec Shared
2007-07-27 19:35:41 384 --a------ C:\Program Files\LimeWire.lnk
2007-07-25 19:16:18 0 d-------- C:\Documents and Settings\Gerry Hill\Application Data\Google
2007-07-24 21:01:04 0 d-------- C:\Program Files\Common Files
2007-07-24 20:55:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-07-24 20:53:39 0 d-------- C:\Program Files\Common Files\Adobe
2007-07-24 20:49:11 0 d-------- C:\Program Files\Pool Station Classic
2007-07-24 20:48:07 0 d-------- C:\Program Files\NoAdware4
2007-07-24 20:45:30 0 d-------- C:\Program Files\Logitech
2007-07-24 18:56:08 0 d-------- C:\Program Files\Canon
2007-07-04 19:20:46 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat
-- Registry Dump ---------------------------------------------------------------
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [18/12/2003 03:28]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [13/08/2004 20:17]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [28/09/2004 13:07]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [09/03/2007 01:02]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"explore"="C:\WINDOWS\EXPLORE.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"=Narrator.exe
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"ALUAlert"=C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe
"MySpaceIM"=C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [21/01/2000 09:15:54]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SpecifyDefaultButtons"=0 (0x0)
"Btn_Search"=0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F0CDC6E7-077C-1033-0221-03111803002c}"="C:\Program Files\Common Files\{F0CDC6E7-077C-1033-0221-03111803002c}\Update.exe" mc-110-12-0000137
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F0CDC6E7-077C-1033-0221-03111803002c}"="C:\Program Files\Common Files\{F0CDC6E7-077C-1033-0221-03111803002c}\Update.exe" mc-110-12-0000140
"{F0CDC6E7-077D-1033-0221-03111803002c}"="C:\Program Files\Common Files\{F0CDC6E7-077D-1033-0221-03111803002c}\Update.exe" mc-110-12-0000140
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a1db0f8-ffe1-11db-84f8-001150c32749}]
AutoRun\command- index.html
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a1e613aa-f8d1-11db-84e8-001150c32749}]
AutoRun\command- index.html
-- End of Deckard's System Scanner: finished at 2007-08-10 at 19:23:13 ---------
Thanks and please let me know if you need anything else from me.
Adam
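A triage helper of the kind a log reader on this forum would write to pull the questionable autostart entries out of a log like the one above, so the questions back to the poster can be targeted. This is an added example, not part of the original post and not code from HijackThis or Deckard's System Scanner; the heuristics, the Finding class and the sample lines (copied from the log above into a constructed list) are mine. A flag means "ask about this entry", not "this is malware": a registered object with its file absent is often just a leftover from an uninstall, and the reader still has to judge each hit.

```python
"""Flag HijackThis / DSS-style log entries that a log reader would ask about.

Added example: heuristics and the Finding type are assumptions of this
example, not part of either scanner's own output format.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DSS/HijackThis log above, kept
# under the registry-dump section headers they appeared beneath.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [explore] "C:\WINDOWS\EXPLORE.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: C-DillaCdaC11BA - Unknown owner - C:\WINDOWS\system32\drivers\CDAC11BA.EXE (file missing)
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"explore"="C:\WINDOWS\EXPLORE.exe" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [04/08/2004 08:56]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
"{F0CDC6E7-077C-1033-0221-03111803002c}"="C:\Program Files\Common Files\{F0CDC6E7-077C-1033-0221-03111803002c}\Update.exe" mc-110-12-0000137
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2a1db0f8-ffe1-11db-84f8-001150c32749}]
AutoRun\command- index.html
"""

O_LINE_RE = re.compile(r"^O\d+ - ")
# O4 - HKCU\..\Run: [name] command
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# DSS registry dump value: "name"="path" <anything> [file timestamp]
DUMP_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"(?P<rest>.*)$')
STAMP_RE = re.compile(r"\[(?P<stamp>[^\]]*)\]\s*$")
# A directory component that is nothing but a GUID, e.g. ...\{F0CDC6E7-...}\Update.exe
GUID_DIR_RE = re.compile(r"\\\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}\\", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def executable_from(cmd: str) -> str:
    """Return the program path from a Run value, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def unusual_location(path: str) -> bool:
    """Heuristic: programs autostarted straight from C:\\WINDOWS (not system32)
    or from a temp folder deserve a question; legitimate autostarts almost
    always live in system32 or under Program Files."""
    folder = path.rsplit("\\", 1)[0].lower() if "\\" in path else ""
    return folder == "c:\\windows" or "\\temp" in folder


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry-dump section, and
    return one Finding per (line, reason) pair. A line can be flagged twice."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[HKEY"):          # registry dump section header
            section = line.strip("[]").lower()
            continue
        if O_LINE_RE.match(line):             # HijackThis O-numbered entry
            if "(no file)" in line or "(file missing)" in line:
                findings.append(Finding(line, "registered object whose file is absent"))
            m = O4_RE.match(line)
            if m and unusual_location(executable_from(m["cmd"])):
                findings.append(Finding(line, "autostart program in an unusual folder"))
            continue
        m = DUMP_VALUE_RE.match(line)
        if m:                                  # value under a dumped key
            path = m["path"]
            if "\\policies\\explorer\\run" in section:
                findings.append(Finding(line, "autostart under Policies\\Explorer\\Run"))
            if GUID_DIR_RE.search(path):
                findings.append(Finding(line, "program in a GUID-named folder"))
            if unusual_location(path):
                findings.append(Finding(line, "autostart program in an unusual folder"))
            s = STAMP_RE.search(m["rest"])
            if s and not s["stamp"].strip():   # DSS printed "[]": no file date
                findings.append(Finding(line, "no file timestamp recorded for this value"))
            continue
        if "\\mountpoints2\\" in section and line.lower().startswith("autorun\\command"):
            findings.append(Finding(line, "AutoRun command registered for a removable drive"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:48s} | {f.line}")
```

Run it on the full pasted log rather than the sample and it prints the same categories for every matching line; entries it does not flag (ccApp, ctfmon.exe, the NVIDIA and ZoneAlarm autostarts) are ones a reader would normally pass over without comment.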