|
| ||
| Your Computer is infected (white x in red circle) Hi I was surfing the net yesterday and had this annoying virus coming up out of nowhere can u help me fix it . Logfile of HijackThis v1.99.1 Scan saved at 2:12:13 PM, on 1/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Arcadyan Wireless\pctwpasv.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\WINDOWS\ALCWZRD.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\iPod\bin\iPodService.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\MSN Messenger\msnmsgr.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE c:\nj.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Compaq_Owner\My Documents\Antivirus wear\hh\HijackThis.exe O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKLM\..\Run: [funk] funk.exe O4 - HKLM\..\Run: [3f5adcde.exe] C:\WINDOWS\system32\3f5adcde.exe O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [3f5adcde.exe] C:\Documents and Settings\CK\Local Settings\Application Data\3f5adcde.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8CBC~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/ O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{53342351-B313-4B96-9138-418E763BF45D}: NameServer = 203.8.183.1 192.189.54.33 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe |
| ||
| Re: Your Computer is infected (white x in red circle) Hi, Download CCleaner and install it. Do not run it now! Please download The Avenger by Swandog46 to your Desktop.
Quote:
The Avenger will automatically do the following:-
Run HijackThis and click Do only a System scan. Then put a check mark infront of below listed entries:- O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto O4 - HKLM\..\Run: [funk] funk.exe O4 - HKLM\..\Run: [3f5adcde.exe] C:\WINDOWS\system32\3f5adcde.exe O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe O4 - HKCU\..\Run: [3f5adcde.exe] C:\Documents and Settings\CK\Local Settings\Application Data\3f5adcde.exe Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis. Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning. Reboot the PC. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Avenger og. |
| ||
| Re: Your Computer is infected (white x in red circle) Also, after doing above mentioned steps, please download SmitfraudFix (by S!Ri) Extract the content (a folder named SmitfraudFix) to your Desktop. Open the SmitfraudFix folder and double-click smitfraudfix.cmd Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present). Please copy/paste the content of that report into your next reply. Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user. http://www.beyondlogic.org/consulting/proc...processutil.htm |
| ||
| Re: Your Computer is infected (white x in red circle) the avenger file is corrupt |
| ||
| Re: Your Computer is infected (white x in red circle) now it worked |
| ||
| Re: Your Computer is infected (white x in red circle) Hi here they are Logfile of HijackThis v1.99.1 Scan saved at 9:03:16 PM, on 2/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Arcadyan Wireless\pctwpasv.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Compaq_Owner\My Documents\Antivirus wear\hh\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.altavista.yellowpages.com.au/ R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = BigPond Dial-Up Residential Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.iprimus.com.au:8080 O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [SP2 Connection Patcher] "C:\Program Files\SP2 Connection Patcher\SP2ConnPatcher.exe" -n=200 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8CBC~1\Office10\EXCEL.EXE/3000 O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/ O15 - Trusted Zone: http://www.6arab.com O15 - Trusted Zone: http://www.wassoufclub.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Logfile of The Avenger version 1, by Swandog46 Running from registry key: \Registry\Machine\System\CurrentControlSet\Services\rclhpljq ******************* Script file located at: \??\C:\eraoprey.txt Script file opened successfully. Script file read successfully Backups directory opened successfully at C:\Avenger ******************* Beginning to process script file: File C:\WINDOWS\ALCWZRD.EXE deleted successfully. File c:\nj.exe deleted successfully. File C:\Program Files\winupdates\winupdates.exe not found! Deletion of file C:\Program Files\winupdates\winupdates.exe failed! Could not process line: C:\Program Files\winupdates\winupdates.exe Status: 0xc0000034 File C:\WINDOWS\system32\3f5adcde.exe deleted successfully. File C:\Documents and Settings\CK\Local Settings\Application Data\3f5adcde.exe deleted successfully. File C:\winstall.exe deleted successfully. File C:\WINDOWS\SYSTEM32\funk.exe deleted successfully. Folder C:\Program Files\winupdates deleted successfully. Completed script processing. ******************* Finished! Terminate. SmitFraudFix v2.53 Scan done at 21:07:19.68, Fri 02/06/2006 Run from C:\Program Files\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\oleadm.dll FOUND ! C:\WINDOWS\system32\wp.bmp FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Compaq_Owner\Application Data C:\Documents and Settings\Compaq_Owner\Application Data\Install.dat FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\COMPAQ~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\PestTrap\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys HKLM\SOFTWARE\SHUDDERLTD FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll My desktop backround has dissapeared and i can't change it through properties can u help fix it ? thanks |
| ||
| Re: Your Computer is infected (white x in red circle) Hi, Let's fix the background issue now! Reboot your computer in Safe Mode by doing the following :
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter". The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt. By the way, have you added these sites to Trusted Zone in Internet Explorer? www.6arab.comIf yes, then you can leave them as it is. If you have NOT added them, then run HijackThis and remove these two entries:- O15 - Trusted Zone: http://www.6arab.com O15 - Trusted Zone: http://www.wassoufclub.com After this, perform an online virus scan at Kaspersky Online Scanner (Click the "Kaspersky Online Scanner" button). Save the log it gives after the scan. Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log and SmitfraudFix log |
| ||
| Re: Your Computer is infected (white x in red circle) Hi I completed the steps which you told me to do, however i was encountered with a problem which you didn't tell me about (i don't know if it effects the computer) i followed this step: Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press "Enter" to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.. I received a message after pressing Y and enter stating: "C:\WINDOWS\system32\cmd.exe The NTVDM CPU has encountered an illegal instruction". It gave me the option of close or ignore which i tried both but it would not execute the option i selected. The temporary files were deleted, i rebooted because the computer did not rebot on its own and received the rapport.txt. i repeated the process twice but encountered the same problem. the backround problem was not fixed. I go to properties and click on the backround tab but can't change the backround it is frozen, i can't click on the "browse" and "position" options i can only click on the "color" option. here are the logs: Logfile of HijackThis v1.99.1 Scan saved at 8:17:15 PM, on 6/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Arcadyan Wireless\pctwpasv.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\cidaemon.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\ctfmon.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\SpywareGuard\sgmain.exe C:\Program Files\SpywareGuard\sgbhp.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Compaq_Owner\My Documents\Antivirus wear\hh\HijackThis.exe O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8CBC~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{53342351-B313-4B96-9138-418E763BF45D}: NameServer = 203.8.183.1 192.189.54.33 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe Tuesday, June 06, 2006 8:15:26 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 6/06/2006 Kaspersky Anti-Virus database records: 186743 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target My Computer C:\ D:\ E:\ F:\ G:\ H:\ I:\ Scan Statistics Total number of scanned objects 84349 Number of viruses found 20 Number of infected objects 107 Number of suspicious objects 0 Duration of the scan process 00:57:25 Infected Object Name Virus Name Last Action C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/3f5adcde.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/3f5adcde.exe-ren-319 Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/funk.exe Infected: Trojan.Win32.LowZones.dp skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/nj.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/winstall.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/winupdates/a.tmp Infected: Worm.Win32.VB.an skipped C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip ZIP: infected - 6 skipped C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.lu skipped C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip ZIP: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\00C60245.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\04342836.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\05365E3F.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\089A063C.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\0A8A4AAA.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\0DF8709B.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\0F2C6B46.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\12652299.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\15C84A96.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\17BC3900.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\19AA633F Infected: Trojan-Downloader.Win32.Tibs.n skipped C:\Program Files\Norton AntiVirus\Quarantine\1B2A5EF2.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\1C2C14FB.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\1F903CF7.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\2187555E.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\24EE2757.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\26222202.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\295B5955.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\2CC5554A.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip ZIP: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip CryptFF: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\2E8966FB.class Infected: Trojan.Java.ClassLoader.d skipped C:\Program Files\Norton AntiVirus\Quarantine\2EB26FBC.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\305F1833.anr Infected: Trojan-Downloader.Win32.Ani.c skipped C:\Program Files\Norton AntiVirus\Quarantine\3063422F.exe Infected: Trojan-Downloader.Win32.Small.on skipped C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip ZIP: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip CryptFF: infected - 3 skipped C:\Program Files\Norton AntiVirus\Quarantine\322015AD.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\33224BB6.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\36891DAF.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\3BE7080E.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\3D1C02BA.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\40576409.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\43BB0C05.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\45A82677.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\48095393 Infected: Trojan-Downloader.JS.IstBar.j skipped C:\Program Files\Norton AntiVirus\Quarantine\49164C69.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\4D7F546A.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\4DA57365 Infected: Trojan-Downloader.Win32.Tibs.n skipped C:\Program Files\Norton AntiVirus\Quarantine\4DA91D61 Infected: Trojan.Win32.Dialer.gd skipped C:\Program Files\Norton AntiVirus\Quarantine\52DA14CE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\54123975.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\56483ABF.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\574D1AC5.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\5AB142C1.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\5CA2072F.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\600C0324.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\64750B26.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\69D04B89.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\6B054634.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\6D3E717B.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\6E3D7D87.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\71A7797C.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\739413EE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\74B83B02.anr Infected: Trojan-Downloader.Win32.Ani.c skipped C:\Program Files\Norton AntiVirus\Quarantine\770563DC.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\7B6F6BDE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\Program Files\Norton AntiVirus\Quarantine\7BA12AEB.anr Infected: Trojan-Downloader.Win32.Ani.c skipped C:\Program Files\Norton AntiVirus\Quarantine\7BC24EC7.class Infected: Trojan.Java.ClassLoader.h skipped C:\Program Files\Norton AntiVirus\Quarantine\7BF66E8E.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\7C0D1475.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped C:\Program Files\Norton AntiVirus\Quarantine\7C1A3C66.class Infected: Exploit.Java.ByteVerify skipped C:\Program Files\Norton AntiVirus\Quarantine\7ED63DD7.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056280.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056281.exe Infected: Trojan.Win32.LowZones.dp skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056287.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056319.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056449.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056450.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056490.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056500.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056508.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056522.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056525.exe Infected: Trojan.Win32.LowZones.dp skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056526.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056527.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056800.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056801.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056802.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP408\A0056902.dll Infected: Trojan.Win32.Small.ev skipped C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.k skipped C:\WINDOWS\sys3849.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys3849.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys3849.exe NSIS: infected - 2 skipped C:\WINDOWS\sys3950.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys3950.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys3950.exe NSIS: infected - 2 skipped C:\WINDOWS\sys633.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys633.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys633.exe NSIS: infected - 2 skipped Scan process completed. Tuesday, June 06, 2006 7:16:38 PM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 6/06/2006 Kaspersky Anti-Virus database records: 186743 Scan Settings Scan using the following antivirus database standard Scan Archives true Scan Mail Bases true Scan Target Critical Areas C:\WINDOWS C:\DOCUME~1\CK\LOCALS~1\Temp\ Scan Statistics Total number of scanned objects 21096 Number of viruses found 3 Number of infected objects 10 Number of suspicious objects 0 Duration of the scan process 00:13:49 Infected Object Name Virus Name Last Action C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.k skipped C:\WINDOWS\sys3849.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys3849.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys3849.exe NSIS: infected - 2 skipped C:\WINDOWS\sys3950.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys3950.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys3950.exe NSIS: infected - 2 skipped C:\WINDOWS\sys633.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped C:\WINDOWS\sys633.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped C:\WINDOWS\sys633.exe NSIS: infected - 2 skipped Scan process completed. SmitFraudFix v2.53 Scan done at 19:34:41.26, Mon 05/06/2006 Run from C:\Program Files\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End SmitFraudFix v2.53 Scan done at 19:29:45.75, Mon 05/06/2006 Run from C:\Program Files\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in normal mode »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CK\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CK\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End |
| ||
| Re: Your Computer is infected (white x in red circle) Hi, Download XP_FIX and save it on Desktop. Next, run it to fix the "NTVDM....16 bit subsystem" error. After this, reboot your computer in Safe Mode. Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd Select option #2 - Clean by typing 2 and press Enter to delete infected files. You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press Enter in order to remove the Desktop background and clean registry keys associated with the infection. The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press Enter. The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, usually at C:\rapport.txt. Along with the SmitfraudFix log, post a fresh HijackThisl log too. |
| ||
| Re: Your Computer is infected (white x in red circle) Hi Swatkat Same problem again. I ran Xp FIX and then rebooted into safe mode and done the step you told me to do, i was encountered with the same problem when cleaning the registry :C:\WINDOWS\system32\cmd.exe The NTVDM CPU has encountered an illegal instruction. Is there a problem which you can see?, how can i fix it? here are the logs: Logfile of HijackThis v1.99.1 Scan saved at 10:46:16 PM, on 7/06/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Symantec Shared\ccProxy.exe c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe c:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\WINDOWS\system32\cisvc.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\Program Files\Arcadyan Wireless\pctwpasv.exe c:\Program Files\Norton AntiVirus\SAVScan.exe C:\WINDOWS\system32\tcpsvcs.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\system32\svchost.exe c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\windows\system\hpsysdrv.exe C:\HP\KBD\KBD.EXE C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\AGRSMMSG.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\WINDOWS\system32\wscntfy.exe C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Compaq_Owner\My Documents\Antivirus wear\hh\HijackThis.exe O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe" O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Bluetooth.lnk = ? O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8CBC~1\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/ O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835 O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe SmitFraudFix v2.53 Scan done at 22:39:48.29, Wed 07/06/2006 Run from C:\Program Files\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT Fix ran in safe mode »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» End Will there be a solution for this |
| All times are GMT -4. The time now is 4:56 pm. |
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC