 |  |  |  |  |  |  |  |
Win2000Pro Desktop Black Screen Message Virus Warning Fix?
Thread Solved |
•
•
Join Date: Feb 2004
Posts: 10,099
Reputation: 
Solved Threads: 766
•
•
•
•
Originally Posted by celtic
Ok I cocked up I can see that, my apologies.
I followed your instructions ( I think (hopefully)):
Click "Start", "Settings", and then click "Control Panel". Open the "Display" applet.
Click on "Desktop", "Customise Display..." and "Web".
In the box under "Web pages" look for a checkbox named "Security". If found select it and click "Delete".
Clicked Start, clicked Settings, went into Control Panel, clicked on Display, so far so good, that made sense, but where the ruddy dickens is Customise Display, not showing up, hmmmmmmmm my apologies for being just ever so slightly thick as five short planks of wood, but what now? :rolleyes:
Oh my giddy aunt, computer language is more baffling than bloomin French!!
Aghhhhhhh!!! You poor sod putting up with me!!
Can we get this any simpler?
As for the log........almost got it. What did you save it in? The log you posted looks like the results from an online scan that you did, yes??
We need to start again from the beginning. Download onto your pc, the hijackthis program from the link that I provided in my first post. Do not go anywhere else
. Scan your pc with that program only. When the scan has finished the scan button will change to a save button. Save the log to your desktop where it will be easy to access. Copy the entire log and paste it back here please. Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Ok I'll try, I'm sooo sorry to be such an annoyance.
As a present for you in the meantime feel free to peruse my landscape photographs: http://inlunarsunphotography.myphotoalbum.com/
In your spare time, sit back and enjoy!! Click on any photograph on the left to be taken to a new page, click on Slideshow.
As a present for you in the meantime feel free to peruse my landscape photographs: http://inlunarsunphotography.myphotoalbum.com/
In your spare time, sit back and enjoy!! Click on any photograph on the left to be taken to a new page, click on Slideshow.
Logfile of HijackThis v1.99.1
Scan saved at 04:47:41, on 06/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\inet10079\winlogon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINNT\system32\UMonit2K.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINNT\YumgoHomepageProtector.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E96RIB65\hijackthis_sfx[1].exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abebooks.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.abebooks.com
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2K.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\\histkill.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - Startup: BJ Status Monitor Canon i350.lnk = C:\Documents and Settings\Administrator\cnmss Canon i350 (Local).exe
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://inlunarsunphotography.myphoto...UploadTool.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Scan saved at 04:47:41, on 06/06/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
C:\WINNT\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINNT\Explorer.EXE
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\inet10079\winlogon.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\WINNT\system32\UMonit2K.exe
C:\Program Files\Classic PhoneTools\CapFax.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINNT\YumgoHomepageProtector.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\PhotoWise\quicklnk.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\E96RIB65\hijackthis_sfx[1].exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.abebooks.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.abebooks.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.abebooks.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.abebooks.com
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O1 - Hosts: 255.255.255.255 ar.atwola.com atdmt.com avp.ch avp.com avp.ru awaps.net ca.com dispatch.mcafee.com download.mcafee.com download.microsoft.com downloads.microsoft.com engine.awaps.net f-secure.com ftp.f-secure.com ftp.sophos.com go.microsoft.com liveupdate.symantec.com mast.mcafee.com mcafee.com msdn.microsoft.com my-etrust.com nai.com networkassociates.com office.microsoft.com phx.corporate-ir.net secure.nai.com securityresponse.symantec.com service1.symantec.com sophos.com spd.atdmt.com support.microsoft.com symantec.com update.symantec.com updates.symantec.com us.mcafee.com vil.nai.com viruslist.ru windowsupdate.microsoft.com www.avp.ch www.avp.com www.avp.ru www.awaps.net www.ca.com www.f-secure.com www.kaspersky.ru www.mcafee.com www.my-etrust.com www.nai.com www.networkassociates.com www.sophos.com www.symantec.com www.trendmicro.com www.viruslist.com www.viruslist.ru www3.ca.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtray.exe SetReg
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Gene USB Monitor] C:\WINNT\system32\UMonit2K.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [CapFax] C:\Program Files\Classic PhoneTools\CapFax.EXE
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\Symtrdr.exe
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yumgo's Homepage Protector V1] YumgoHomepageProtector.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [HistoryKill] C:\Program Files\HistoryKill\\histkill.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - Startup: BJ Status Monitor Canon i350.lnk = C:\Documents and Settings\Administrator\cnmss Canon i350 (Local).exe
O4 - Startup: Norton Disk Doctor.lnk = C:\Program Files\Norton SystemWorks\Norton Utilities\NDD32.EXE
O4 - Startup: PhotoWise QuickLink.lnk = C:\Program Files\PhotoWise\quicklnk.exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Norton GoBack.lnk = C:\Program Files\Norton SystemWorks\Norton GoBack\GBTray.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: ZDelete Auto-Cleaner - {EB7F329E-F14E-48ae-AB69-4E28C492D382} - C:\PROGRA~1\LSOFTT~1\ACTIVE~1\ZDelete.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-24.cab
O16 - DPF: {5F8A33E7-6A32-4EE0-887A-134C627CB052} (Easy Upload Tool Combo Control) - http://inlunarsunphotography.myphoto...UploadTool.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O17 - HKLM\System\CS1\Services\Tcpip\..\{0340C825-7AB5-4835-927F-E28D5DD6D4D7}: NameServer = 80.225.248.178 80.225.248.186
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: GoBack Polling Service (GBPoll) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe
O23 - Service: GEARSecurity - GEAR Software - C:\WINNT\System32\GEARSec.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Sorry I'm getting a bit slow at this only it is 4:51 in the morning here and I'm ever so knackered. Tell me, have I done it right this time, only I think I followed your instructions to the letter. Please advise if I have done anything wrong.
Cheers mate!!
Cheers mate!!
OK I clicked on Web after doing the Control Panel thingermejiggy but can't see no box with any delete function or something or other???
•
•
Join Date: Feb 2004
Posts: 10,099
Reputation:
Solved Threads: 766
Looks a lot better. You have the latest version of smitfraud.
-
The annoying message on your desktop is kind of hard to get rid until you do the following.
Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.
-
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.
Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
Exit Add/Remove Programs.
*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES
* I need you to copy all of the Killbox file paths below and paste them into Notepad.
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINNT\sites.ini
C:\WINNT\popuper.exe
C:\WINNT\System32\hhk.dll
C:\WINNT\System32\wldr.dll
C:\WINNT\System32\helper.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\msmsgs.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\ole32vbs.exe
C:\WINNT\inet10079\winlogon.exe
C:\WINNT\loader.exe
C:\WINNT\System32\LogFiles\A5281300.so
C:\WINNT\System32\winnook.exe
C:\WINNT\System32\desktop.html
C:\WINNT\System32\screen.html
* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
* Save it to your desktop.
* Please double-click Killbox.exe to run it.
* Select "Delete on Reboot".
* Open the Notepad file where you saved the file paths earlier and copy the file paths to the clipboard by highlighting ALL of them and pressing CTRL + C
* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Make sure you can view hidden files.
Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\WINNT\System32\Log Files
C:\Program Files\Security IGuard
C:\WINNT\inet10079
While still in Safe Mode, do the following:
Make sure all programs and windows are closed, including Internet Explorer. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
Close HiJackThis after hitting the 'fix checked' button.
Reboot into normal mode.
1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp!
4.) Run this online virus scan: ActiveScan - Save the results from the scan!
Post a new HiJackThis log along with the results from ActiveScan.
-
The annoying message on your desktop is kind of hard to get rid until you do the following.
Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.
-
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!
Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.
Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.
Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:
Security IGuard
Virtual Maid
Search Maid
Exit Add/Remove Programs.
*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES
* I need you to copy all of the Killbox file paths below and paste them into Notepad.
C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINNT\sites.ini
C:\WINNT\popuper.exe
C:\WINNT\System32\hhk.dll
C:\WINNT\System32\wldr.dll
C:\WINNT\System32\helper.exe
C:\WINNT\System32\intmon.exe
C:\WINNT\System32\shnlog.exe
C:\WINNT\System32\intmonp.exe
C:\WINNT\System32\msmsgs.exe
C:\WINNT\System32\msole32.exe
C:\WINNT\System32\ole32vbs.exe
C:\WINNT\inet10079\winlogon.exe
C:\WINNT\loader.exe
C:\WINNT\System32\LogFiles\A5281300.so
C:\WINNT\System32\winnook.exe
C:\WINNT\System32\desktop.html
C:\WINNT\System32\screen.html
* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.
* Save it to your desktop.
* Please double-click Killbox.exe to run it.
* Select "Delete on Reboot".
* Open the Notepad file where you saved the file paths earlier and copy the file paths to the clipboard by highlighting ALL of them and pressing CTRL + C
* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.
While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.
Make sure you can view hidden files.
Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)
FOLDERS to delete (in bold) if found:
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\WINNT\System32\Log Files
C:\Program Files\Security IGuard
C:\WINNT\inet10079
While still in Safe Mode, do the following:
Make sure all programs and windows are closed, including Internet Explorer. Run HiJackThis and place a check next to the following items, if found, then click FIX CHECKED
F3 - REG:win.ini: run=C:\WINNT\inet10079\winlogon.exe
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
O4 - HKLM\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
O4 - HKLM\..\Run: [WindowsFZ] C:\WINNT\loader.exe /1
O4 - HKCU\..\Run: [xp_system] C:\WINNT\inet10079\winlogon.exe
Close HiJackThis after hitting the 'fix checked' button.
Reboot into normal mode.
1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.
2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.
3.) Download, install, and run CleanUp!
4.) Run this online virus scan: ActiveScan - Save the results from the scan!
Post a new HiJackThis log along with the results from ActiveScan.
Proud member of ASAP (Alliance of Security analysis Professionals).
Opera AVAST anti-virus Comodo Firewall Spywareblaster
Opera AVAST anti-virus Comodo Firewall Spywareblaster
You REALLY need to cut down on the amount of security and system tools software programs you have installed on that system! You are taking paranoia to a whole new level, it's a wonder your system isn't slowed down to the point of being unusable, and it's a wonder that you are not getting program crashes and blue screens as a result of all those tools trying to run at once!
Need to install Windows again?
Catweazle's News Desk
Search the expert answer database
'Flame free' PC games discussion.
Catweazle's News Desk
Search the expert answer database
'Flame free' PC games discussion.
Hmmmmmm now I'm tempted to agree with you, please advise what I ought to get rid of.
Too, in the past two hours tonight I have had a hell of a job just getting my connection back up and running, and yes, now I have a blue screen too with something called smitfruad virus on it (turned my screen from black to blue).
Please keep each step by step instruction as simple as possible in plain English if you do not mind as at the best of times I find this computer language quite baffling.
Did you enjoy my photos?
Best regards!!
Mark
Too, in the past two hours tonight I have had a hell of a job just getting my connection back up and running, and yes, now I have a blue screen too with something called smitfruad virus on it (turned my screen from black to blue).
Please keep each step by step instruction as simple as possible in plain English if you do not mind as at the best of times I find this computer language quite baffling.
Did you enjoy my photos?
Best regards!!
Mark
You said:
Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.
Ok I did that, absolutely nowt happened, well, it did, a white line appeared and if I moved the mouse left or right, by the white line a box appeared then disappeared (sort of), what am I doing wrong now?
Blinkin hec, one of these days I might give up garden design, simply cos it bloomin rains too much here to make it a worthwhile enterprise and take up some sort of software programming instead. If only there was a ghost screen, come box for problems like this that guided you visually every single step of the way. It'd be such an ideal solution and help twats like me from wasting so much of guys like you, time.
Now, where were we?
What do I do next?
Apologies for such ignorance on my part!!
Though your assistance is ever so much appreciated.
I'd much rather be having a conversation about UK politics!!!!!!!!
Bottoms up. Cheers mate!! :rolleyes:
Click on the upper edge of the screen and drag it down until you notice a cross in the upper right corner. Click the cross to close the screen and you will have access to your real desktop and can change the settings.
It is a modified explorer screen that is laid between your desktop and the shortcuts on it.
Ok I did that, absolutely nowt happened, well, it did, a white line appeared and if I moved the mouse left or right, by the white line a box appeared then disappeared (sort of), what am I doing wrong now?
Blinkin hec, one of these days I might give up garden design, simply cos it bloomin rains too much here to make it a worthwhile enterprise and take up some sort of software programming instead. If only there was a ghost screen, come box for problems like this that guided you visually every single step of the way. It'd be such an ideal solution and help twats like me from wasting so much of guys like you, time.
Now, where were we?
What do I do next?
Apologies for such ignorance on my part!!
Though your assistance is ever so much appreciated.
I'd much rather be having a conversation about UK politics!!!!!!!!
Bottoms up. Cheers mate!! :rolleyes:
 |
Other Threads in the Viruses, Spyware and other Nasties Forum
- Previous Thread: ieav.exe messing with my pc! what is it?
- Next Thread: IE pop up ads while using Firefox
| Thread Tools | Search this Thread |
Latest Viruses, Spyware and other Nasties Posts
Related Forum Features
Tag cloud for Viruses, Spyware and other Nasties
acrobat adobe adware anti-malware anti-virussitesaccessissue antivirus apple attack avg backtoschoolspeech bar blackhat botnet botnets censorship china combofix commercial conficker connect control cyber cybercrime cyberwarfare ddos education email europe exam exploit fake fancheckvirus gaming gtaiv halloween herss.exe hijack hosting internet iphone legal logfiles malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile parents patch pdf phishing police policeprovirusmba-mblockedinternetaccess president pro redirect report research rogueantivirus rootkit samhain sans scareware search security seopoisoning sites software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec system teen threat translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses vista volume vulnerability war warning windows worm yahoo zero-day zeroday
