Hi
I completed the steps which you told me to do; however, I encountered a problem which you didn't tell me about (I don't know if it affects the computer). I followed this step:
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
I received a message after pressing Y and enter stating: "C:\WINDOWS\system32\cmd.exe
The NTVDM CPU has encountered an illegal instruction". It gave me the option of close or ignore, both of which I tried, but it would not execute the option I selected. The temporary files were deleted. I rebooted because the computer did not reboot on its own, and received the rapport.txt. I repeated the process twice but encountered the same problem.
The background problem was not fixed. I go to Properties and click on the background tab but can't change the background; it is frozen. I can't click on the "browse" and "position" options; I can only click on the "color" option.
Here are the logs:
Logfile of HijackThis v1.99.1
Scan saved at 8:17:15 PM, on 6/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Arcadyan Wireless\pctwpasv.exe
c:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Compaq_Owner\My Documents\Antivirus wear\hh\HijackThis.exe
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Reminder] "C:\Windows\Creator\Remind_XP.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SoftAP] C:\Program Files\Arcadyan Wireless\NetCfgWizard.exe /U
O4 - HKLM\..\Run: [Wireless SoftAP] "C:\Program Files\Arcadyan Wireless\Configuration\SoftAp.exe" /M
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Acme.PCHButton] C:\PROGRA~1\HELPAN~1\Presario\XPHWWRF4\plugin\bin\PCHButton.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Compaq Connections.lnk = C:\Program Files\Compaq Connections\6750491\Program\Compaq Connections.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office2\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI8CBC~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.bigpond.com/
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{53342351-B313-4B96-9138-418E763BF45D}: NameServer = 203.8.183.1 192.189.54.33
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SoftAP WPA Authenticator Service (PCTWPASV) - PCTEL Inc. - C:\Program Files\Arcadyan Wireless\pctwpasv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Tuesday, June 06, 2006 8:15:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 6/06/2006
Kaspersky Anti-Virus database records: 186743
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
Scan Statistics
Total number of scanned objects 84349
Number of viruses found 20
Number of infected objects 107
Number of suspicious objects 0
Duration of the scan process 00:57:25
Infected Object Name Virus Name Last Action
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/3f5adcde.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/3f5adcde.exe-ren-319 Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/funk.exe Infected: Trojan.Win32.LowZones.dp skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/nj.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/winstall.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip/avenger/winupdates/a.tmp Infected: Worm.Win32.VB.an skipped
C:\avenger\backup-Mon 05.06.2006-19.16.26.43.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.lu skipped
C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\Documents and Settings\Compaq_Owner\Shared\horse racing.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\00C60245.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\04342836.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\05365E3F.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\089A063C.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0A8A4AAA.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0DF8709B.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\0F2C6B46.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\12652299.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\15C84A96.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\17BC3900.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\19AA633F Infected: Trojan-Downloader.Win32.Tibs.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\1B2A5EF2.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\1C2C14FB.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\1F903CF7.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\2187555E.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\24EE2757.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\26222202.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\295B5955.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\2CC5554A.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E2669B9.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\2E8966FB.class Infected: Trojan.Java.ClassLoader.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\2EB26FBC.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\305F1833.anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\3063422F.exe Infected: Trojan-Downloader.Win32.Small.on skipped
C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip ZIP: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\30FE7C97.zip CryptFF: infected - 3 skipped
C:\Program Files\Norton AntiVirus\Quarantine\322015AD.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\33224BB6.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\36891DAF.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\3BE7080E.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\3D1C02BA.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\40576409.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\43BB0C05.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\45A82677.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\48095393 Infected: Trojan-Downloader.JS.IstBar.j skipped
C:\Program Files\Norton AntiVirus\Quarantine\49164C69.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\4D7F546A.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DA57365 Infected: Trojan-Downloader.Win32.Tibs.n skipped
C:\Program Files\Norton AntiVirus\Quarantine\4DA91D61 Infected: Trojan.Win32.Dialer.gd skipped
C:\Program Files\Norton AntiVirus\Quarantine\52DA14CE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\54123975.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\56483ABF.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\574D1AC5.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\5AB142C1.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\5CA2072F.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\600C0324.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\64750B26.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\69D04B89.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6B054634.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6D3E717B.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\6E3D7D87.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\71A7797C.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\739413EE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\74B83B02.anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\770563DC.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7B6F6BDE.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\Program Files\Norton AntiVirus\Quarantine\7BA12AEB.anr Infected: Trojan-Downloader.Win32.Ani.c skipped
C:\Program Files\Norton AntiVirus\Quarantine\7BC24EC7.class Infected: Trojan.Java.ClassLoader.h skipped
C:\Program Files\Norton AntiVirus\Quarantine\7BF66E8E.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C0D1475.class Infected: Trojan.Java.ClassLoader.Dummy.d skipped
C:\Program Files\Norton AntiVirus\Quarantine\7C1A3C66.class Infected: Exploit.Java.ByteVerify skipped
C:\Program Files\Norton AntiVirus\Quarantine\7ED63DD7.exe Infected: Trojan-Downloader.Win32.Small.ahg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056280.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056281.exe Infected: Trojan.Win32.LowZones.dp skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056287.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP404\A0056319.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056449.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056450.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056490.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056500.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056508.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056522.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056525.exe Infected: Trojan.Win32.LowZones.dp skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056526.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056527.exe Infected: Trojan-Downloader.Win32.Small.cpg skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056800.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056801.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP406\A0056802.exe Infected: Trojan-Downloader.Win32.Tiny.bw skipped
C:\System Volume Information\_restore{EC671082-7A98-407D-87C9-526803B2BD9A}\RP408\A0056902.dll Infected: Trojan.Win32.Small.ev skipped
C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.k skipped
C:\WINDOWS\sys3849.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys3849.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys3849.exe NSIS: infected - 2 skipped
C:\WINDOWS\sys3950.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys3950.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys3950.exe NSIS: infected - 2 skipped
C:\WINDOWS\sys633.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys633.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys633.exe NSIS: infected - 2 skipped
Scan process completed.
Tuesday, June 06, 2006 7:16:38 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 6/06/2006
Kaspersky Anti-Virus database records: 186743
Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true
Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\CK\LOCALS~1\Temp\
Scan Statistics
Total number of scanned objects 21096
Number of viruses found 3
Number of infected objects 10
Number of suspicious objects 0
Duration of the scan process 00:13:49
Infected Object Name Virus Name Last Action
C:\WINDOWS\hosts Infected: Trojan.Win32.Qhost.k skipped
C:\WINDOWS\sys3849.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys3849.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys3849.exe NSIS: infected - 2 skipped
C:\WINDOWS\sys3950.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys3950.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys3950.exe NSIS: infected - 2 skipped
C:\WINDOWS\sys633.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.ja skipped
C:\WINDOWS\sys633.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn skipped
C:\WINDOWS\sys633.exe NSIS: infected - 2 skipped
Scan process completed.
SmitFraudFix v2.53
Scan done at 19:34:41.26, Mon 05/06/2006
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SmitFraudFix v2.53
Scan done at 19:29:45.75, Mon 05/06/2006
Run from C:\Program Files\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\CK\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CK\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End