Christopher_35 Posted June 27, 2006 Report Share Posted June 27, 2006 I normally keep a clean sheet when it comes to viruses and spyware, but am new to wireless routers and left myself wide open. What an idiot I am. Ran Spybot (nothing) Ran Adaware SE Personal (24 fixes) Deleted everything and rebooted. Ran AVG free 1 trojan. Ran Symantic and it was clean. Keep receiving popups about there being errors on my system. Also one that says Urgent System Message: Virus! Your computer is infected with last version of internet Trojan (iworm_attck_v122.02a) Recommended that I install antvirus software!Symantic gets 1 aborted update LU1847 message IE is not allowing me access to certain sites, in particular the Web-based Utility for my linksys router.Please can you offer some advice. Here is my logLogfile of HijackThis v1.99.1Scan saved at 23:34:52, on 26/06/2006Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\ccProxy.exeC:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeC:\Program Files\Norton Internet Security\ISSVC.exeC:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeC:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeC:\WINDOWS\system32\spoolsv.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeC:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeC:\WINDOWS\System32\svchost.exeC:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeC:\WINDOWS\system32\atmclk.exeC:\Program Files\HP\hpcoretech\hpcmpmgr.exeC:\Program Files\Common Files\Symantec Shared\ccApp.exeC:\Program Files\TCM\TCM COMBO SET\MouseDrv.exeC:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\BillP Studios\WinPatrol\winpatrol.exeC:\Program Files\iPod\bin\iPodService.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exeC:\WINDOWS\system32\rundll32.exeC:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeC:\Program Files\Microsoft ActiveSync\WCESCOMM.EXEC:\Program Files\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\MSN Messenger\msnmsgr.exeC:\Program Files\Messenger\msmsgs.exeC:\program files\voipcheap\voipcheap.exeC:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exeC:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files\LG PC Suite\LG PC Sync\LGSyncManager.exeC:\Program Files\HP\hpcoretech\comp\hptskmgr.exeC:\WINDOWS\System32\HPZipm12.exeC:\Program Files\Internet Explorer\iexplore.exeC:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exeC:\Program Files\Internet Explorer\iexplore.exeC:\WINDOWS\explorer.exeC:\Documents and Settings\Owner\Desktop\Utilities\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ntlworld.comR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = c:\secure32.htmlR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\secure32.htmlO1 - Hosts: 205.238.40.2 www.winmx.comO1 - Hosts: 205.238.40.2 err.winmx.comO1 - Hosts: 205.238.40.2 c3310.z1301.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1301.winmx.comO1 - Hosts: 82.43.224.20 c3312.z1301.winmx.comO1 - Hosts: 209.67.209.50 c3313.z1301.winmx.comO1 - Hosts: 212.227.64.159 c3314.z1301.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1301.winmx.comO1 - Hosts: 67.18.233.36 c3316.z1301.winmx.comO1 - Hosts: 82.43.224.20 c3317.z1301.winmx.comO1 - Hosts: 209.67.209.50 c3318.z1301.winmx.comO1 - Hosts: 212.227.64.159 c3319.z1301.winmx.comO1 - Hosts: 205.238.40.2 c3310.z1302.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1302.winmx.comO1 - Hosts: 82.43.224.20 c3312.z1302.winmx.comO1 - Hosts: 209.67.209.50 c3313.z1302.winmx.comO1 - Hosts: 212.227.64.159 c3314.z1302.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1302.winmx.comO1 - Hosts: 67.18.233.36 c3316.z1302.winmx.comO1 - Hosts: 82.43.224.20 c3317.z1302.winmx.comO1 - Hosts: 209.67.209.50 c3318.z1302.winmx.comO1 - Hosts: 212.227.64.159 c3319.z1302.winmx.comO1 - Hosts: 82.43.224.20 c3310.z1303.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3312.z1303.winmx.comO1 - Hosts: 82.43.224.20 c3313.z1303.winmx.comO1 - Hosts: 67.18.233.36 c3314.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1303.winmx.comO1 - Hosts: 82.43.224.20 c3316.z1303.winmx.comO1 - Hosts: 67.18.233.36 c3317.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3318.z1303.winmx.comO1 - Hosts: 82.43.224.20 c3319.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3310.z1304.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1304.winmx.comO1 - Hosts: 82.43.224.20 c3312.z1304.winmx.comO1 - Hosts: 209.67.209.50 c3313.z1304.winmx.comO1 - Hosts: 212.227.64.159 c3314.z1304.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1304.winmx.comO1 - Hosts: 67.18.233.36 c3316.z1304.winmx.comO1 - Hosts: 82.43.224.20 c3317.z1304.winmx.comO1 - Hosts: 209.67.209.50 c3318.z1304.winmx.comO1 - Hosts: 212.227.64.159 c3319.z1304.winmx.comO1 - Hosts: 205.238.40.2 c3310.z1305.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1305.winmx.comO1 - Hosts: 82.43.224.20 c3312.z1305.winmx.comO1 - Hosts: 209.67.209.50 c3313.z1305.winmx.comO1 - Hosts: 212.227.64.159 c3314.z1305.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1305.winmx.comO1 - Hosts: 67.18.233.36 c3316.z1305.winmx.comO1 - Hosts: 82.43.224.20 c3317.z1305.winmx.comO1 - Hosts: 209.67.209.50 c3318.z1305.winmx.comO1 - Hosts: 212.227.64.159 c3319.z1305.winmx.comO1 - Hosts: 205.238.40.2 c3310.z1306.winmx.comO1 - Hosts: 67.18.233.36 c3311.z1306.winmx.comO1 - Hosts: 82.43.224.20 c3312.z1306.winmx.comO1 - Hosts: 209.67.209.50 c3313.z1306.winmx.comO1 - Hosts: 212.227.64.159 c3314.z1306.winmx.comO1 - Hosts: 205.238.40.2 c3315.z1306.winmx.comO1 - Hosts: 67.18.233.36 c3316.z1306.winmx.comO1 - Hosts: 82.43.224.20 c3317.z1306.winmx.comO1 - Hosts: 209.67.209.50 c3318.z1306.winmx.comO1 - Hosts: 212.227.64.159 c3319.z1306.winmx.comO1 - Hosts: 205.238.40.2 c3520.z1301.winmx.comO1 - Hosts: 67.18.233.36 c3521.z1301.winmx.comO1 - Hosts: 82.43.224.20 c3522.z1301.winmx.comO1 - Hosts: 209.67.209.50 c3523.z1301.winmx.comO1 - Hosts: 212.227.64.159 c3524.z1301.winmx.comO1 - Hosts: 205.238.40.2 c3525.z1301.winmx.comO1 - Hosts: 67.18.233.36 c3526.z1301.winmx.comO1 - Hosts: 82.43.224.20 c3527.z1301.winmx.comO1 - Hosts: 209.67.209.50 c3528.z1301.winmx.comO1 - Hosts: 212.227.64.159 c3529.z1301.winmx.comO1 - Hosts: 205.238.40.2 c3520.z1302.winmx.comO1 - Hosts: 67.18.233.36 c3521.z1302.winmx.comO1 - Hosts: 82.43.224.20 c3522.z1302.winmx.comO1 - Hosts: 209.67.209.50 c3523.z1302.winmx.comO1 - Hosts: 212.227.64.159 c3524.z1302.winmx.comO1 - Hosts: 205.238.40.2 c3525.z1302.winmx.comO1 - Hosts: 67.18.233.36 c3526.z1302.winmx.comO1 - Hosts: 82.43.224.20 c3527.z1302.winmx.comO1 - Hosts: 209.67.209.50 c3528.z1302.winmx.comO1 - Hosts: 212.227.64.159 c3529.z1302.winmx.comO1 - Hosts: 205.238.40.2 c3520.z1303.winmx.comO1 - Hosts: 67.18.233.36 c3521.z1303.winmx.comO1 - Hosts: 82.43.224.20 c3522.z1303.winmx.comO1 - Hosts: 209.67.209.50 c3523.z1303.winmx.comO1 - Hosts: 212.227.64.159 c3524.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3525.z1303.winmx.comO1 - Hosts: 67.18.233.36 c3526.z1303.winmx.comO1 - Hosts: 82.43.224.20 c3527.z1303.winmx.comO1 - Hosts: 209.67.209.50 c3528.z1303.winmx.comO1 - Hosts: 212.227.64.159 c3529.z1303.winmx.comO1 - Hosts: 205.238.40.2 c3520.z1304.winmx.comO1 - Hosts: 67.18.233.36 c3521.z1304.winmx.comO1 - Hosts: 82.43.224.20 c3522.z1304.winmx.comO1 - Hosts: 209.67.209.50 c3523.z1304.winmx.comO1 - Hosts: 212.227.64.159 c3524.z1304.winmx.comO1 - Hosts: 205.238.40.2 c3525.z1304.winmx.comO1 - Hosts: 67.18.233.36 c3526.z1304.winmx.comO1 - Hosts: 82.43.224.20 c3527.z1304.winmx.comO1 - Hosts: 209.67.209.50 c3528.z1304.winmx.comO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dllO2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmpO2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dllO2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-gb\msntb.dllO3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dllO3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO4 - HKLM\..\Run: [incrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /cO4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /ConsumerO4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInitO4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exeO4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"O4 - HKLM\..\Run: [urlLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exeO4 - HKLM\..\Run: [WireLessMouse ] C:\Program Files\TCM\TCM COMBO SET\MouseDrv.exeO4 - HKLM\..\Run: [WireLessKeyboard ] C:\Program Files\TCM\TCM COMBO SET\PS2USBKbdDrv.exeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exeO4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUPO4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exeO4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"O4 - HKCU\..\Run: [uIWatcher] C:\Program Files\Ashampoo\Ashampoo UnInstaller Suite Plus\UnInstaller Suite\UIWatcher.exeO4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [NBJ] "C:\Program Files\Nero BackItUp\NBJ.exe"O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /backgroundO4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /backgroundO4 - HKCU\..\Run: [WinMX] C:\Documents and Settings\Owner\Local Settings\Temp\Rar$EX01.937\WinMX.exe -mO4 - HKCU\..\Run: [VoipCheap] "C:\program files\voipcheap\voipcheap.exe" -nosplash -minimizedO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1O4 - HKCU\..\Run: [system Mechanic Popup Stopper] "C:\Program Files\iolo\System Mechanic 4 Professional\PopupStopper.exe"O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exeO4 - Global Startup: LG SyncManager.lnk = ?O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXEO4 - Global Startup: VTAgentReboot.exeO8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htmO8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.htmlO8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTMO8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.htmlO8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.htmlO8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.htmlO8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTMO8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.htmlO8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.htmlO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dllO9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dllO9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dllO9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dllO9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dllO9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra button: Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)O9 - Extra 'Tools' menuitem: Show Trashcan - {072F3B8A-2DA2-40e2-B841-88899F240200} - C:\Program Files\Agnitum\Outpost Firewall 1.0\trash.exe (file missing) (HKCU)O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dllO16 - DPF: {01FE8D0A-51AD-459B-B62B-85E135128B32} (DD_v4.DDv4) - http://www.drivershq.com/DD_v4.CABO16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CABO16 - DPF: {0E8D0700-75DF-11D3-8B4A-0008C7450C4A} (DjVuCtl Class) - http://www.lizardtech.com/download/files/w...ntrol_en_US.cabO16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cabO16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedC...bin/AvSniff.cabO16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/common/Member/ClientIn...6/OCI/setup.exeO16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cabO16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cabO16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cabO16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/ac...ta/SymAData.dllO16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...398/mcfscan.cabO16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup...er/imloader.cabO16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cabO18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dllO23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exeO23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exeO23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exeO23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exeO23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exeO23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exeO23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exeO23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exeO23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exeO23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exeO23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exeO23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exeO23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exeO23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exeO23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exeO23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exeHave downloaded the latest version of Adaware and ran it on my machine, but there was nothing else found, so I didn't think I needed to update my HijackThis Log just yet.Have done as suggested in other posts with regard to iworm_attck_v122.02a and have downloaded to my desktop SmitfraudFix choose only selection 1 and have pasted the log below. Hope that I'm not jumping the gun, but am trying to help save some time. Thank youSmitFraudFix v2.65Scan done at 18:00:44.90, 27/06/2006Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFixOS: Microsoft Windows XP [Version 5.1.2600] - Windows_NTFix ran in normal mode»»»»»»»»»»»»»»»»»»»»»»»» C:\C:\secure32.html FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWSC:\WINDOWS\secure32.html FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32C:\WINDOWS\system32\atmclk.exe FOUND !C:\WINDOWS\system32\hp???.tmp FOUND !C:\WINDOWS\system32\hp????.tmp FOUND !C:\WINDOWS\system32\ld????.tmp FOUND !C:\WINDOWS\system32\ot.ico FOUND !C:\WINDOWS\system32\regperf.exe FOUND !C:\WINDOWS\system32\simpole.tlb FOUND !C:\WINDOWS\system32\stdole3.tlb FOUND !C:\WINDOWS\system32\ts.ico FOUND !C:\WINDOWS\system32\1024\ FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Owner\Application Data»»»»»»»»»»»»»»»»»»»»»»»» Start Menu»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Owner\FAVORI~1C:\DOCUME~1\Owner\FAVORI~1\Antivirus Test Online.url FOUND !»»»»»»»»»»»»»»»»»»»»»»»» DesktopC:\DOCUME~1\ALLUSE~1\Desktop\Online Security Guide.url FOUND !C:\DOCUME~1\ALLUSE~1\Desktop\Security Troubleshooting.url FOUND !»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]"Source"="http://www.where-to-fish.com/pics/ftile2.jpg""SubscribedURL"="http://www.where-to-fish.com/pics/ftile2.jpg""FriendlyName"=""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]"Source"="http://www.airberlin.com/site/images/startseite/standard/airberlin_r1_c1.gif""SubscribedURL"="http://www.airberlin.com/site/images/startseite/standard/airberlin_r1_c1.gif""FriendlyName"=""[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\2]"Source"="About:Home""SubscribedURL"="About:Home""FriendlyName"="My Current Home Page"»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler!!!Attention, following keys are not inevitably infected!!!SrchSTS.exe by S!RiSearch SharedTaskScheduler's .dll[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]"{af3fd9a8-1287-4159-9212-9a5b4494af70}"="ecosystems"»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection»»»»»»»»»»»»»»»»»»»»»»»» End Link to post Share on other sites
Christopher_35 Posted June 28, 2006 Author Report Share Posted June 28, 2006 Thank you, but I am now receiving help with this topic Link to post Share on other sites
Steamhead Posted June 28, 2006 Report Share Posted June 28, 2006 Do you still need any help with this topic? Link to post Share on other sites
Matt Posted July 11, 2006 Report Share Posted July 11, 2006 Inactive topic...If you still need help on this problem, contact me or one of the Moderators to re-open this up.Topic closed. Link to post Share on other sites
Recommended Posts