
home page hijacked by securityhomepage

Discussion in 'Virus & Other Malware Removal' started by singhal, Aug 9, 2006.

Thread Status:
Not open for further replies.
  1. singhal

    singhal Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    Dear Sir,

    My internet home page is hijacked by securityhomepage. I am not able to see other sites. It always pops up different antispyware sites.

    I read in previous posts & downloaded the smitfraudfix.cmd file, which I ran on my computer.
    The result of it is as under:

    SmitFraudFix v2.81

    Scan done at 17:57:54.29, Wed 08/09/2006
    Run from E:\Documents and Settings\Deepak\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» E:\


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Deepak\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» E:\DOCUME~1\Deepak\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

    E:\Program Files\IntCodec\ FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End


    Pls help me out.

    Thanks

    Deepak
     
  2. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    Hi singhal

    Welcome to TSG! :)

    Please do this:

    * Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double-click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

    * Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
     
  3. singhal

    singhal Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    Thanks for your support, the log is as under:
    Logfile of HijackThis v1.99.1
    Scan saved at 3:16:51 PM, on 8/10/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\csrss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    E:\Program Files\Spyware Doctor\sdhelp.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    E:\WINDOWS\system32\wdfmgr.exe
    E:\WINDOWS\System32\alg.exe
    E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\WINDOWS\AGRSMMSG.exe
    E:\Program Files\Apoint2K\Apoint.exe
    E:\WINDOWS\system32\igfxtray.exe
    E:\WINDOWS\system32\hkcmd.exe
    E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    E:\Program Files\Apoint2K\Apntex.exe
    E:\WINDOWS\system32\dla\tfswctrl.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    E:\WINDOWS\system32\wbem\wmiprvse.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\HPQ\shared\hpqwmi.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    E:\Program Files\Spyware Doctor\swdoctor.exe
    E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    E:\Program Files\LimeWire\LimeWire.exe
    E:\WINDOWS\webshots.scr
    E:\Program Files\Internet Explorer\iexplore.exe
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    E:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    E:\Program Files\Hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - E:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - E:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - E:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - E:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Mario Forever Toolbar - {463DF6D5-BEC1-4d67-B217-59DB692DFC53} - E:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] E:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] E:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [iTunesHelper] E:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [dla] E:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] E:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [Spyware Doctor] "E:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: DVD Check.lnk = E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - E:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - E:\Program Files\Spyware Doctor\sdhelp.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

    ----------------------------------------------------------------------------------
    Log of Misc tools sec/uninstall manager is under

    Adobe Flash Player 9
    Adobe Reader 6.0
    Agere Systems AC'97 Modem
    Ahead InCD EasyWrite Reader
    ALPS Touch Pad Driver
    BitComet 0.70
    Broadcom 802.11 Wireless LAN Adapter
    ccCommon
    Diagnostics for Windows
    Google Toolbar for Internet Explorer
    Hijackthis 1.99.1
    HijackThis 1.99.1
    HP Help and Support
    HP Integrated Module with Bluetooth wireless technology
    HP Software Update
    HP Wireless Assistant 1.01 B2
    Image Transfer
    ImageMixer for Sony
    Intel(R) Graphics Media Accelerator Driver for Mobile
    Internet Security Add-On
    Internet Worm Protection
    InterVideo DVD Check
    InterVideo WinDVD
    iTunes
    J2SE Runtime Environment 5.0 Update 4
    LimeWire 4.12.4
    LiveUpdate 3.0 (Symantec Corporation)
    Mario Forever 3.5
    Mario Forever Toolbar
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft Office Professional Edition 2003
    NAVShortcut
    Nero 6
    Nero Media Player
    NeroVision Express 2
    Norton AntiVirus 2006
    Norton AntiVirus 2006 (Symantec Corporation)
    Norton AntiVirus Help
    Norton AntiVirus Parent MSI
    Norton AntiVirus SYMLT MSI
    Norton Protection Center
    Norton WMI Update
    PowerDVD
    Public Messenger ver 2.03
    Quick Launch Buttons 5.20 B3
    QuickTime
    RealPlayer
    REALTEK Gigabit and Fast Ethernet NIC Driver
    Security Update for Windows Media Player (KB911564)
    Security Update for Windows Media Player 10 (KB917734)
    Security Update for Windows XP (KB890046)
    Security Update for Windows XP (KB893756)
    Security Update for Windows XP (KB896358)
    Security Update for Windows XP (KB896423)
    Security Update for Windows XP (KB896424)
    Security Update for Windows XP (KB896428)
    Security Update for Windows XP (KB899587)
    Security Update for Windows XP (KB899589)
    Security Update for Windows XP (KB899591)
    Security Update for Windows XP (KB900725)
    Security Update for Windows XP (KB901017)
    Security Update for Windows XP (KB901214)
    Security Update for Windows XP (KB902400)
    Security Update for Windows XP (KB904706)
    Security Update for Windows XP (KB905414)
    Security Update for Windows XP (KB905749)
    Security Update for Windows XP (KB908519)
    Security Update for Windows XP (KB911562)
    Security Update for Windows XP (KB911567)
    Security Update for Windows XP (KB911927)
    Security Update for Windows XP (KB912919)
    Security Update for Windows XP (KB913580)
    Security Update for Windows XP (KB914388)
    Security Update for Windows XP (KB914389)
    Security Update for Windows XP (KB916281)
    Security Update for Windows XP (KB917159)
    Security Update for Windows XP (KB917344)
    Security Update for Windows XP (KB917953)
    Security Update for Windows XP (KB918439)
    Security Update for Windows XP (KB921883)
    Sonic Audio Module
    Sonic Copy Module
    Sonic Data Module
    Sonic DLA
    Sonic Express Labeler
    Sonic MyDVD Plus
    Sonic Update Manager
    Sony USB Driver
    SoundMAX
    SPBBC
    Spyware Doctor 4.0
    Symantec
    Texas Instruments PCIxx21/x515 drivers.
    Ulead PhotoImpact 10 ESD
    Update for Windows XP (KB894391)
    Update for Windows XP (KB898461)
    Update for Windows XP (KB900485)
    Update for Windows XP (KB908531)
    Update for Windows XP (KB910437)
    Update for Windows XP (KB911280)
    Update for Windows XP (KB916595)
    Webshots Desktop
    Winamp (remove only)
    Windows Installer 3.1 (KB893803)
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB883667
    Windows XP Hotfix - KB884575
    Windows XP Hotfix - KB885464
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885855
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888239
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB892559
    Yahoo! Anti-Spy
    Yahoo! Toolbar for Internet Explorer

    Pls give me further guidance
    thanks

    deepak
     
  4. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    I apologize for not getting back to you sooner. My son was admitted to the hospital early yesterday morning with a mysterious infection. I have been unable to be online until now. I don't know how prompt I will be with my replies for the next few days, but I will do my best to reply as quickly as possible.

    * Go to Add/Remove programs and uninstall this old version of Java:

    J2SE Runtime Environment 5.0 Update 4


    * Now go here and install the latest version of Java.


    * Click here for info on how to boot to safe mode if you don't already know how.


    * Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


    * Restart your computer into safe mode now. Perform the following steps in safe mode:


    * Run the SmitfraudFix:
    • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
    • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
    • You will receive this prompt:
      • "Registry cleaning - Do you want to clean the registry ?"
    • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
    • Next the tool will check to see if wininet.dll is infected.
    • You may be prompted to replace the infected wininet.dll file if it is found.
    • Answer "Yes" by typing Y and press "Enter".
    • The tool may need to restart your computer to finish the cleaning process.
    • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
    • A text file will appear onscreen, with results from the cleaning process.
    • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
    • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.
     
  5. singhal

    singhal Thread Starter

    Joined:
    Aug 9, 2006
    Messages:
    7
    I hope your son will be fine now & I pray for his health.

    The report of smitfraud is as under
    --------------------------
    SmitFraudFix v2.81

    Scan done at 7:58:07.23, Sat 08/12/2006
    Run from E:\Documents and Settings\Deepak\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    Fix ran in safe mode

    »»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "bestreak"="{874443fe-aa33-4ebf-a6ac-73208787e62d}"


    »»»»»»»»»»»»»»»»»»»»»»»» Killing process


    »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

    GenericRenosFix by S!Ri


    »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

    E:\Program Files\IntCodec\ Deleted

    »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


    »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

    Registry Cleaning done.

    -------------------------------
    Hijack log is as under

    Logfile of HijackThis v1.99.1
    Scan saved at 8:13:06 AM, on 8/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    E:\WINDOWS\System32\smss.exe
    E:\WINDOWS\system32\winlogon.exe
    E:\WINDOWS\system32\services.exe
    E:\WINDOWS\system32\lsass.exe
    E:\WINDOWS\system32\svchost.exe
    E:\WINDOWS\System32\svchost.exe
    E:\WINDOWS\Explorer.EXE
    E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    E:\WINDOWS\system32\spoolsv.exe
    E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    E:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    E:\Program Files\Norton AntiVirus\navapsvc.exe
    E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    c:\Program Files\Veoh\VeohClientService.exe
    E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    E:\WINDOWS\AGRSMMSG.exe
    E:\Program Files\Apoint2K\Apoint.exe
    E:\WINDOWS\system32\igfxtray.exe
    E:\WINDOWS\system32\hkcmd.exe
    E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    E:\WINDOWS\system32\dla\tfswctrl.exe
    E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    E:\Program Files\Apoint2K\Apntex.exe
    E:\Program Files\Common Files\Symantec Shared\ccApp.exe
    E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    E:\Program Files\Messenger\msmsgs.exe
    E:\Program Files\HPQ\shared\hpqwmi.exe
    E:\WINDOWS\System32\svchost.exe
    E:\Program Files\Common Files\Real\Update_OB\realsched.exe
    E:\Program Files\iTunes\iTunesHelper.exe
    E:\Program Files\QuickTime\qttask.exe
    E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    E:\WINDOWS\system32\ctfmon.exe
    E:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    E:\Program Files\Google\Google Talk\googletalk.exe
    E:\Program Files\iPod\bin\iPodService.exe
    E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
    E:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    E:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
    E:\Program Files\LimeWire\LimeWire.exe
    E:\WINDOWS\webshots.scr
    E:\Program Files\BitComet\BitComet.exe
    E:\Program Files\Internet Explorer\IEXPLORE.EXE
    E:\WINDOWS\system32\wuauclt.exe
    E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    E:\Program Files\Hijackthis\HijackThis.exe
    E:\Program Files\Symantec\LiveUpdate\AUpdate.exe
    E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
    E:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - E:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - e:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - E:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - e:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SoundMAXPnP] E:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] E:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [Apoint] E:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [IgfxTray] E:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] E:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Cpqset] E:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [WatchDog] E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] E:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] E:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [dla] E:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] E:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] E:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ccApp] "E:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [RemoteControl] "E:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [Ulead AutoDetector v2] E:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
    O4 - HKLM\..\Run: [TkBellExe] "E:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] E:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] E:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [googletalk] "E:\Program Files\Google\Google Talk\googletalk.exe" /autostart
    O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Startup: LimeWire On Startup.lnk = E:\Program Files\LimeWire\LimeWire.exe
    O4 - Startup: Webshots.lnk = E:\Program Files\Webshots\Launcher.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: DVD Check.lnk = E:\Program Files\InterVideo\DVD Check\DVDCheck.exe
    O4 - Global Startup: Image Transfer.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - E:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - E:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - E:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - E:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - E:\Program Files\HPQ\shared\hpqwmi.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - E:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - E:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
    O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - E:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - E:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: SPBBCSvc - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - E:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: Veoh Client Service - Veoh Networks, Inc. - c:\Program Files\Veoh\VeohClientService.exe

    --------------------

    I thank you for your support.

    Thanks
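
As an added example (not part of the original thread, and not code from HijackThis or SmitFraudFix), the before/after comparison this thread carries out by eye can be scripted: parse both HijackThis logs, diff them, and confirm that nothing in the post-clean log still loads from a folder SmitFraudFix reported as `FOUND !`. The sample inputs are abridged excerpts of the logs posted above; the function names are hypothetical.

```python
import re

# A HijackThis entry line: section code (e.g. R1, O2, O23), " - ", then details.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# A SmitFraudFix search-report hit: "<path> FOUND !"
FOUND_RE = re.compile(r"^\s*(.+?)\s+FOUND !\s*$")

# Abridged excerpts of the logs posted in this thread.
SMITFRAUD_REPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files

E:\Program Files\IntCodec\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
"""

BEFORE = r"""
Running processes:
E:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1da7dbe8-c51b-4ae4-bc6e-21863349b0b4} - E:\Program Files\IntCodec\isaddon.dll
O2 - BHO: Mario Forever Toolbar Helper - {8036D4D7-AAD3-4793-AB49-329E437155A8} - E:\Program Files\Mario Forever Toolbar\v2.0.0.4\Mario_Forever_Toolbar.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
"""

AFTER = r"""
Running processes:
E:\WINDOWS\Explorer.EXE

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - E:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"""


def parse_hjt(log_text):
    """Return the set of (section_code, details) entries in a HijackThis log.

    The header and the 'Running processes' list do not match ENTRY_RE and are skipped.
    """
    entries = set()
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.add((m.group(1), m.group(2)))
    return entries


def flagged_paths(report_text):
    """Return lower-cased paths that a SmitFraudFix search report marks 'FOUND !'."""
    paths = []
    for line in report_text.splitlines():
        m = FOUND_RE.match(line)
        if m:
            paths.append(m.group(1).strip().lower())
    return paths


def diff_logs(before, after):
    """Return (removed, added) entry lists between two HijackThis logs."""
    b, a = parse_hjt(before), parse_hjt(after)
    return sorted(b - a), sorted(a - b)


def entries_under(entries, paths):
    """Entries whose details reference any flagged path (case-insensitive)."""
    return sorted(e for e in entries if any(p in e[1].lower() for p in paths))


def verify_cleanup(report, before, after):
    """Check that no entry in the post-clean log still points into a flagged folder."""
    paths = flagged_paths(report)
    before_hits = entries_under(parse_hjt(before), paths)
    after_hits = entries_under(parse_hjt(after), paths)
    return {"flagged": paths, "before_hits": before_hits,
            "after_hits": after_hits, "clean": not after_hits}


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, details in removed:
        print("- %s - %s" % (code, details))
    for code, details in added:
        print("+ %s - %s" % (code, details))
    print(verify_cleanup(SMITFRAUD_REPORT, BEFORE, AFTER))
```

The diff also lists entries that changed for unrelated reasons (here the Java update), so `removed` is a review list, not a verdict; only `before_hits` ties an entry to a path the cleaner flagged.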
     
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.

    Note: You have to use Internet Explorer to do the online scan.
     

Short URL to this thread: https://techguy.org/490915
