XP - SP2
in [Windows Viruses]
|
From: LIZ on 19 Dec 2007 22:49 I have XP Professional and got some sort of virus or? I get a error message that states "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item". I can not open or start any programs and only get this message. I can run programs in safe mode but can not update windows as I get the error code 0x8007043C. I do not know what to do and have run a number of things to try and fix it including hijackthis. The logfile is included. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 5:29:12 PM, on 12/19/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Safe mode with network support Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\Temporary Directory 1 for HiJackThis[1].zip\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=21940 O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe" O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe" O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\ASKS~1\iexplore.exe" -vt yazb O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://download.windowsupdate.com O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController Control) - http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/01d1b85147621cc5ee23/netzip/RdxIE2.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168651254906 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - file://C:\Program Files\AutoCAD 2000i\InstFred.ocx O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe -- End of file - 7695 bytes
From: Kayman on 20 Dec 2007 00:47 On Wed, 19 Dec 2007 21:49:56 -0600, LIZ wrote: > I have XP Professional and got some sort of virus or? I get a error message > that states "Windows cannot access the specified device, path, or file. You > may not have the appropriate permissions to access the item". I can not open > or start any programs and only get this message. I can run programs in safe > mode but can not update windows as I get the error code 0x8007043C. I do not > know what to do and have run a number of things to try and fix it including > hijackthis. The logfile is included. > > Logfile of Trend Micro HijackThis v2.0.2 [snipped HJT logfile] Forums where you can get expert advice for HiJack This! (HJT) logs. NOTE: Registration is REQUIRED in any of the below before posting a log http://www.theeldergeek.com/forum/index.php?s=2e9ea4e19d3289dd877ab75a8220bff6&showforum=29 http://www.thespykiller.co.uk/index.php?board=3.0 http://www.bleepingcomputer.com/forums/forum22.html http://castlecops.com/forum67.html http://www.dslreports.com/forum/cleanup http://www.cybertechhelp.com/forums/forumdisplay.php?f=25 http://www.atribune.org/forums/index.php?showforum=9 http://www.geekstogo.com/forum/Malware_Removal_HiJackThis_Logs_Go_Here-f37.html http://gladiator-antivirus.com/forum/index.php?showforum=170 http://forum.networktechs.com/forumdisplay.php?f=130 http://forums.maddoktor2.com/index.php?showforum=17 http://www.spywarewarrior.com/viewforum.php?f=5 http://forums.spywareinfo.com/index.php?showforum=18 http://forums.techguy.org/f54-s.html http://forums.tomcoyote.org/index.php?showforum=27 http://forums.subratam.org/index.php?showforum=7 http://www.5starsupport.com/ipboard/index.php?showforum=18 http://www.malwarebytes.org/forums/index.php?showforum=7 http://makephpbb.com/phpbb/viewforum.php?f=2 http://forums.techguy.org/54-security/ http://forums.security-central.us/forumdisplay.php?f=13
From: Milo (MSPSS) on 20 Dec 2007 13:03 O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\ASKS~1\iexplore.exe" -vt yazb This is by far what I found questionable and with regards to Windows Update concerns you have it would be or a possible secondary issue. As an option you can avail of a direct free support from Microsoft ( US/CANADA ) ( 866 727 2338 ) Toll Free and Free Support "LIZ" <lizj(a)new.rr.com> wrote in message news:%23AOCltrQIHA.6036(a)TK2MSFTNGP03.phx.gbl... >I have XP Professional and got some sort of virus or? I get a error >message that states "Windows cannot access the specified device, path, or >file. You may not have the appropriate permissions to access the item". I >can not open or start any programs and only get this message. I can run >programs in safe mode but can not update windows as I get the error code >0x8007043C. I do not know what to do and have run a number of things to try >and fix it including hijackthis. The logfile is included. > > Logfile of Trend Micro HijackThis v2.0.2 > Scan saved at 5:29:12 PM, on 12/19/2007 > Platform: Windows XP SP2 (WinNT 5.01.2600) > MSIE: Internet Explorer v7.00 (7.00.6000.16574) > Boot mode: Safe mode with network support > > Running processes: > C:\WINDOWS\System32\smss.exe > C:\WINDOWS\system32\winlogon.exe > C:\WINDOWS\system32\services.exe > C:\WINDOWS\system32\lsass.exe > C:\WINDOWS\system32\svchost.exe > C:\Program Files\Windows Defender\MsMpEng.exe > C:\WINDOWS\system32\svchost.exe > C:\WINDOWS\Explorer.EXE > C:\Program Files\Internet Explorer\iexplore.exe > C:\WINDOWS\system32\ctfmon.exe > C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE > C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe > C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\Temporary Directory 1 for > HiJackThis[1].zip\HijackThis.exe > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = > http://go.microsoft.com/fwlink/?LinkId=54896 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = > http://go.microsoft.com/fwlink/?LinkId=69157 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = > http://go.microsoft.com/fwlink/?LinkId=54896 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = > http://go.microsoft.com/fwlink/?LinkId=54896 > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = > http://go.microsoft.com/fwlink/?LinkId=69157 > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = > http://go.microsoft.com/fwlink/?LinkId=54843 > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = > http://go.microsoft.com/fwlink/?LinkId=21940 > O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program > Files\TechSmith\SnagIt 8\SnagItIEAddin.dll > O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe > O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe > O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe > O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program > Files\Java\j2re1.4.2_03\bin\jusched.exe > O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program > Files\Intel\Wireless\bin\ZCfgSvc.exe" > O4 - HKLM\..\Run: [IntelWireless] "C:\Program > Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless > O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe > O4 - HKLM\..\Run: [DVDLauncher] "C:\Program > Files\CyberLink\PowerDVD\DVDLauncher.exe" > O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft > IntelliPoint\point32.exe" > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program > Files\QuickTime\qttask.exe" -atboottime > O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program > Files\McAfee\SpamKiller\MSKDetct.exe /uninstall > O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet > Security 2007\pccguide.exe" > O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows > Defender\MSASCui.exe" -hide > O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software > Update\HPWuSchd2.exe > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe > O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security > 2007\TMAS_OE\TMAS_OEMon.exe" > O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat > 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 > O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\ASKS~1\iexplore.exe" -vt > yazb > O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & > Destroy\TeaTimer.exe > O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] > "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') > O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] > "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') > O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common > Files\Adobe\Calibration\Adobe Gamma Loader.exe > O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program > Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe > O4 - Global Startup: Digital Line Detect.lnk = ? > O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program > Files\HP\Digital Imaging\bin\hpqtra08.exe > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - > C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll > O9 - Extra 'Tools' menuitem: Sun Java Console - > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program > Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - > C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL > O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - > C:\PROGRA~1\SPYBOT~1\SDHelper.dll > O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - > {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - > C:\WINDOWS\Network Diagnostic\xpnetdiag.exe > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - > {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network > Diagnostic\xpnetdiag.exe > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - > C:\Program Files\Messenger\msmsgs.exe > O9 - Extra 'Tools' menuitem: Windows Messenger - > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program > Files\Messenger\msmsgs.exe > O15 - Trusted Zone: http://download.windowsupdate.com > O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController > Control) - > http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab > O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - > http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - > http://software-dl.real.com/01d1b85147621cc5ee23/netzip/RdxIE2.cab > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168651254906 > O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer > Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab > O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - > file://C:\Program Files\AutoCAD 2000i\InstFred.ocx > O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - > file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx > O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe > O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program > Files\Dell\QuickSet\NICCONFIGSVC.exe > O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend > Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe > O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend > Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe > O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe > O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe > O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe > O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro > Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe > O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - > C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe > O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - > C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe > O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - > Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe > > -- > End of file - 7695 bytes
From: David H. Lipman on 20 Dec 2007 15:21 From: "LIZ" <lizj(a)new.rr.com> | I have XP Professional and got some sort of virus or? I get a error message | that states "Windows cannot access the specified device, path, or file. You | may not have the appropriate permissions to access the item". I can not open | or start any programs and only get this message. I can run programs in safe | mode but can not update windows as I get the error code 0x8007043C. I do not | know what to do and have run a number of things to try and fix it including | hijackthis. The logfile is included. | Please don NOT post HJT logs here. We do not accept them! Kayman was kind enough to post those places that do accept them and will provide their expert examination. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
From: Volodymyr Shcherbyna on 21 Dec 2007 06:20 Sounds like a bug in OS, rather like some virus issue. -- Volodymyr "LIZ" <lizj(a)new.rr.com> wrote in message news:%23AOCltrQIHA.6036(a)TK2MSFTNGP03.phx.gbl... >I have XP Professional and got some sort of virus or? I get a error >message that states "Windows cannot access the specified device, path, or >file. You may not have the appropriate permissions to access the item". I >can not open or start any programs and only get this message. I can run >programs in safe mode but can not update windows as I get the error code >0x8007043C. I do not know what to do and have run a number of things to try >and fix it including hijackthis. The logfile is included. > > Logfile of Trend Micro HijackThis v2.0.2 > Scan saved at 5:29:12 PM, on 12/19/2007 > Platform: Windows XP SP2 (WinNT 5.01.2600) > MSIE: Internet Explorer v7.00 (7.00.6000.16574) > Boot mode: Safe mode with network support > > Running processes: > C:\WINDOWS\System32\smss.exe > C:\WINDOWS\system32\winlogon.exe > C:\WINDOWS\system32\services.exe > C:\WINDOWS\system32\lsass.exe > C:\WINDOWS\system32\svchost.exe > C:\Program Files\Windows Defender\MsMpEng.exe > C:\WINDOWS\system32\svchost.exe > C:\WINDOWS\Explorer.EXE > C:\Program Files\Internet Explorer\iexplore.exe > C:\WINDOWS\system32\ctfmon.exe > C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE > C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OL\TMAS_OL.exe > C:\DOCUME~1\CHRISJ~1\LOCALS~1\Temp\Temporary Directory 1 for > HiJackThis[1].zip\HijackThis.exe > > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = > http://go.microsoft.com/fwlink/?LinkId=54896 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = > http://go.microsoft.com/fwlink/?LinkId=69157 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = > http://go.microsoft.com/fwlink/?LinkId=54896 > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = > http://go.microsoft.com/fwlink/?LinkId=54896 > R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = > http://go.microsoft.com/fwlink/?LinkId=69157 > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = > R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = > http://go.microsoft.com/fwlink/?LinkId=54843 > R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = > http://go.microsoft.com/fwlink/?LinkId=21940 > O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program > Files\TechSmith\SnagIt 8\SnagItIEAddin.dll > O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe > O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe > O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe > O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe > O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program > Files\Java\j2re1.4.2_03\bin\jusched.exe > O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program > Files\Intel\Wireless\bin\ZCfgSvc.exe" > O4 - HKLM\..\Run: [IntelWireless] "C:\Program > Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless > O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe > O4 - HKLM\..\Run: [DVDLauncher] "C:\Program > Files\CyberLink\PowerDVD\DVDLauncher.exe" > O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft > IntelliPoint\point32.exe" > O4 - HKLM\..\Run: [QuickTime Task] "C:\Program > Files\QuickTime\qttask.exe" -atboottime > O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program > Files\McAfee\SpamKiller\MSKDetct.exe /uninstall > O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet > Security 2007\pccguide.exe" > O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows > Defender\MSASCui.exe" -hide > O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software > Update\HPWuSchd2.exe > O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe > O4 - HKCU\..\Run: [OE] "C:\Program Files\Trend Micro\Internet Security > 2007\TMAS_OE\TMAS_OEMon.exe" > O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat > 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1 > O4 - HKCU\..\Run: [Tair] "C:\PROGRA~1\COMMON~1\ASKS~1\iexplore.exe" -vt > yazb > O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & > Destroy\TeaTimer.exe > O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] > "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM') > O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] > "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user') > O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common > Files\Adobe\Calibration\Adobe Gamma Loader.exe > O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program > Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe > O4 - Global Startup: Digital Line Detect.lnk = ? > O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program > Files\HP\Digital Imaging\bin\hpqtra08.exe > O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - > C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll > O9 - Extra 'Tools' menuitem: Sun Java Console - > {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program > Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll > O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - > C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL > O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - > C:\PROGRA~1\SPYBOT~1\SDHelper.dll > O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - > {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll > O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - > C:\WINDOWS\Network Diagnostic\xpnetdiag.exe > O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - > {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network > Diagnostic\xpnetdiag.exe > O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - > C:\Program Files\Messenger\msmsgs.exe > O9 - Extra 'Tools' menuitem: Windows Messenger - > {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program > Files\Messenger\msmsgs.exe > O15 - Trusted Zone: http://download.windowsupdate.com > O16 - DPF: {4CCA4E80-9259-11D9-AC6E-444553544200} (FixController > Control) - > http://h30155.www3.hp.com/ediags/dd/install/HPInstallMgr_v01_6.cab > O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - > http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab > O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - > http://software-dl.real.com/01d1b85147621cc5ee23/netzip/RdxIE2.cab > O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - > http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1168651254906 > O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer > Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab > O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred Control) - > file://C:\Program Files\AutoCAD 2000i\InstFred.ocx > O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - > file://C:\Program Files\AutoCAD 2000i\AcPreview.ocx > O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe > O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program > Files\Dell\QuickSet\NICCONFIGSVC.exe > O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend > Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe > O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend > Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe > O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe > O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe > O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel > Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe > O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro > Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe > O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - > C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe > O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - > C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe > O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - > Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe > > -- > End of file - 7695 bytes
|
Next
|
Last
Pages: 1 2 3 Prev: not a valid win32 aplication Update Next: avmete.dll - Virus file - cannot remove |