Pls Help

Status
Not open for further replies.

mr_356

Broken In
When I open Diskeeper, an error message comes up: "Diskeeper failed to connect to the service. The service may have stopped. Please see the event log for more details."
Then the respective window appears, but only for one microsecond.
I also checked Services; it is running.

Help and System Restore do not open.
In "Search", nothing appears in the left panel; it is only blank.
When I connect to the net, a little dogy appears in the tray, "CashBack pays you to shop!"; when I exit it, it appears again.
By mistake I deleted C:\Program Files\Common Files\symentec.


hijackthis......

Logfile of HijackThis v1.99.1
Scan saved at 11:56:20 PM, on 6/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\HHVcdV7Sys\VC7SecS.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\HHVcdV7Sys\VC7Play.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\rsmui.exe
C:\WINDOWS\system32\igfxdiag.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CashBack\bin\cashback.exe
C:\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKLM\..\Run: [VC7Player] C:\Program Files\HHVcdV7Sys\VC7Play.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezStub.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B40A2DCD-4C2E-4C3D-A0B1-3450D700DBEA}: NameServer = 61.1.32.33 61.1.128.5
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Unknown owner - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Virtual CD v7 Management Service (VC7SecS) - H+H Software GmbH - C:\Program Files\HHVcdV7Sys\VC7SecS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZONELABS\vsmon.exe
 

swatkat

Technomancer
Download WebRoot SpySweeper and install it.
Boot in Safe Mode.
Run HijackThis and click Do only a System scan.
Then put a check mark in front of the entries listed below:-

O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O4 - HKLM\..\Run: [Tsl] C:\PROGRA~1\COMMON~1\tsa\tsl.exe
O4 - HKCU\..\RunOnce: [Web Offer] C:\WINDOWS\system32\ezStub.exe
O16 - DPF: {88D969C0-F192-11D4-A65F-0040963251E5} (XML DOM Document 4.0) - file://C:\TempEI4\EI40_\msxml4.cab


Close all other open programs except Hijackthis and click the button Fix in HijackThis.

Exit from HijackThis. Delete these files:-
C:\Program Files\CashBack\bin\cashback.exe
C:\WINDOWS\system32\mscb.dll
C:\PROGRAM FILES\COMMON FILES\tsa\tsl.exe
C:\WINDOWS\system32\ezStub.exe

Delete these folders:-
C:\Program Files\CashBack
C:\PROGRAM FILES\COMMON FILES\tsa

Run WebRoot SpySweeper, click the "Options" button and then click the "Sweep Options" tab, and here select all the Hard Disk Partitions. In the "Where to sweep" option box, select "All files and folders in the selected drives". Then click the "Sweep Now" button and click "Start". Remove any malware it may find.

Reboot to Normal Mode and run HijackThis again. Then click Do a System scan and save log, and post the fresh log here.
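
Added example, not part of swatkat's post: a Python sketch that rejoins a HijackThis log wrapped by the forum, lists the entries HijackThis marked "(file missing)", and reports which entries selected for fixing still appear in the fresh log requested above. BEFORE and FIX_LIST reuse lines from this thread; AFTER is a constructed fresh log, and all function names are hypothetical.

```python
import re

# Constructed samples in HijackThis 1.99.1 entry format. BEFORE is wrapped the
# way the forum wrapped the posted log; AFTER stands in for the fresh log.
BEFORE = r"""
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} -

C:\WINDOWS\system32\mscb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
O23 - Service: ScriptBlocking Service (SBService) - Unknown owner -
C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe (file missing)
"""
FIX_LIST = r"""
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O4 - HKLM\..\Run: [CashBack] C:\Program Files\CashBack\bin\cashback.exe
"""
AFTER = r"""
O2 - BHO: CB UrlCatcher Class - {CE188402-6EE7-4022-8868-AB25173A3E14} - C:\WINDOWS\system32\mscb.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

ENTRY = re.compile(r"^([ORFN]\d+) - (.+)$")  # section code, then the detail

def parse_entries(log_text):
    """Return (section, detail) tuples, rejoining entries wrapped across lines."""
    entries = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
        elif line and entries:  # continuation of the previous entry
            entries[-1][1] += " " + line
    return [tuple(e) for e in entries]

def normalize(entry):  # Windows paths ignore case; wrapping varies whitespace
    return (entry[0], " ".join(entry[1].lower().split()))

def orphaned(entries):  # entries whose target file HijackThis could not find
    return [e for e in entries if e[1].endswith("(file missing)")]

def still_present(fix_text, fresh_text):
    """Entries selected for fixing that show up again in the fresh log."""
    fresh = {normalize(e) for e in parse_entries(fresh_text)}
    return [e for e in parse_entries(fix_text) if normalize(e) in fresh]

if __name__ == "__main__":
    print(still_present(FIX_LIST, AFTER), orphaned(parse_entries(BEFORE)))
```

An entry that survives the fix and a reboot usually means something is rewriting it at startup, which is why the fresh log is taken in Normal Mode.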
 

anandk

Distinguished Member
Useful post by swatkat. :)

Make sure you are able to update your trial version of Spy Sweeper. It has over 86000 spyware fingerprints loaded in it.

Else use MS Anti-Spy or PestPatrol.
 
mr_356

Broken In
I said that by mistake I deleted C:\Program Files\Common Files\symentec. So my friend suggested that I reinstall Norton AntiVirus 2003.
So I reinstalled Norton in WinXP (I also have Win98 installed).
But during the installation of Norton AntiVirus my system crashed, and now whenever I start WinXP it crashes again after 10 or 15 sec. It cannot start in Safe Mode either, but it can start in "Last Good Configuration..." mode.
When I tried to uninstall Norton AntiVirus, it said that Norton AntiVirus is not completely installed.
And when I try to reinstall Norton, the same problem occurs.
Can you tell me how to uninstall Norton AntiVirus?
Then I can post the fresh log.
 