Flashing virus alert in sys tray

Computing.Net > Forums > Security and Virus > Flashing virus alert in sys tray

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Flashing virus alert in sys tray

Name: Thomas Gyles
Date: May 10, 2006 at 20:23:09 Pacific
OS: Windows XP Pro
CPU/Ram: Pentium III 933Mz
Product: not availiable

Comment:

comes up with
Virus alert
"Critical System Error"
Click here to download the latest antimalware software
automatically downloads spyfalcon when clicked on
I removed all the spyware/keyloggers through Zone alarm, Microsoft antispyware, and Norton Antivirus 2005
they no longer come up with any viruses or spyware
but still the flashing icon

Sponsored Link

Ads by Google

Response Number 1

Name: Thomas Gyles
Date: May 10, 2006 at 20:23:56 Pacific

Reply:

also, i know it was Spyaxe

Response Number 2

Name: jabuck
Date: May 10, 2006 at 21:31:42 Pacific

Reply:

Please download SmitRemFix from this link http://siri.geekstogo.com/SmitfraudFix.php Then extract the contents to your desktop.
Open the "SmitfraudFix" folder and double-click "smitfraudfix.cmd"
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
Post this but do not run any of the other options yet as they can damage the computer if smitfruad is not present

Response Number 3

Name: Thomas Gyles
Date: May 10, 2006 at 21:36:03 Pacific

Reply:

here it is

SmitFraudFix v2.42
Scan done at 21:39:49.10, Wed 05/10/2006
Run from C:\Documents and Settings\McCarr\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\atmclk.exe FOUND !
C:\WINDOWS\system32\regperf.exe FOUND !
C:\WINDOWS\system32\simpole.tlb FOUND !
C:\WINDOWS\system32\stdole3.tlb FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\McCarr\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
[HKEY_CLASSES_ROOT\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\system32\appmagr.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{64ba30a2-811a-4597-b0af-d551128be340}\InProcServer32]
@="C:\WINDOWS\system32\appmagr.dll"

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

Response Number 4

Name: Thomas Gyles
Date: May 10, 2006 at 21:46:08 Pacific

Reply:

ty so far, i didnt realize that ur pretty much helping everyone on this forum

Response Number 5

Name: jabuck
Date: May 10, 2006 at 21:46:11 Pacific

Reply:

Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the "SmitfraudFix" folder again and double-click "smitfraudfix.cmd"
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing " Y " and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if "wininet.dll " is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing "Y" and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Also post back with a your Hijack This log.
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Download Ewido Security Suite then set it up this way Ewido Setup Instructions We will need this later in safe mode
Be sure to update Ewido

stream.sys w29n51.sys ntidrvr.sys usbehci.sys usbhci.sys nuvision.sys cdfs.sys nuvision.sys igxpmp32.sys rt2500.sys	va16365.sys system32.sys tridwave.sys symtdi.sys SPCA561.sys nic1394.sys necustor.sys spca651.sys cdr4_2k.sys dbclass.sys
See More

Response Number 6

Name: Thomas Gyles
Date: May 10, 2006 at 21:48:28 Pacific

Reply:

ill be back in an hour or 2
maybe tommorow
ty so far

Response Number 7

Name: Thomas Gyles
Date: May 10, 2006 at 22:56:05 Pacific

Reply:

SmitFraudFix v2.42
Scan done at 22:51:52.79, Wed 05/10/2006
Run from C:\Documents and Settings\McCarr\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
»»»»»»»»»»»»»»»»»»»»»»»» Killing process

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\atmclk.exe Deleted
C:\WINDOWS\system32\regperf.exe Deleted
C:\WINDOWS\system32\simpole.tlb Deleted
C:\WINDOWS\system32\stdole3.tlb Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» End

Response Number 8

Name: Thomas Gyles
Date: May 10, 2006 at 23:03:53 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 11:06:27 PM, on 5/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\1138332821\ee\AOLSoftware.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\McCarr\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138332821\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: pushow0.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Response Number 9

Name: Thomas Gyles
Date: May 10, 2006 at 23:55:02 Pacific

Reply:

ewido anti-malware - Scan report

+ Created on: 11:53:54 PM, 5/10/2006
+ Report-Checksum: 9007B480
+ Scan result:
[700] C:\WINDOWS\system32\pushow0.dll -> Hijacker.Agent.hi : Cleaned with backup
:mozilla.6:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.7:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.8:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.9:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.10:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.11:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.13:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.25:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.26:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.27:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.28:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.51:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.52:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.53:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.54:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.55:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
:mozilla.56:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.57:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.66:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.67:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.68:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.69:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.70:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.71:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.72:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.73:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.82:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.83:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Bfast : Cleaned with backup
:mozilla.84:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.85:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.88:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Valuead : Cleaned with backup
:mozilla.90:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.91:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup
:mozilla.149:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.150:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.151:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
:mozilla.152:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\McCarr\Cookies\mccarr@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\WINDOWS\system32\pushow0.dll -> Hijacker.Agent.hi : Cleaned with backup
C:\WINDOWS\system32\pushow17.dll -> Hijacker.Agent.hi : Cleaned with backup
C:\WINDOWS\system32\pushow41.dll -> Hijacker.Agent.hi : Cleaned with backup

::Report End

Response Number 10

Name: jabuck
Date: May 11, 2006 at 06:28:48 Pacific

Reply:

Looks a lot better, but some more work to do.
Reboot into safe mode.
Run Hijack This from safe mode, close all windows except HT, place a check to the left of these items and press "fix checked"
R3 - Default URLSearchHook is missing
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: pushow0.dll
While still in safe mode run Ewido again. Run ATF-Cleaner. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Reboot, then post the ewido log and a new HT log.
Run this free online scan from Kaspersky http://kaspersky.com/kos/english/kavwebscan.html
Click Accept
When the updates are finished downloading, click Next, Scan Settings
Under Scan using the following antivirus database:, select extended
Make sure the Scan Archives and Scan Mail Bases options are selected as well. Click OK
Click My Computer and wait for the scan to finish
Click Save Report As. Under Save as type:, select Text file. Save this log to your Desktop and post a copy of it here.

Response Number 11

Name: Thomas Gyles
Date: May 11, 2006 at 15:42:41 Pacific

Reply:

kk will do

Response Number 12

Name: Thomas Gyles
Date: May 11, 2006 at 16:32:58 Pacific

Reply:

Logfile of HijackThis v1.99.1
Scan saved at 3:49:52 PM, on 5/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\Documents and Settings\McCarr\Desktop\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.exe C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.exe C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1138332821\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O13 - DefaultPrefix:
O13 - WWW Prefix:
O13 - Home Prefix:
O13 - Mosaic Prefix:
O13 - FTP Prefix:
O13 - Gopher Prefix:
O20 - AppInit_DLLs: pushow0.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Response Number 13

Name: Thomas Gyles
Date: May 11, 2006 at 16:34:44 Pacific

Reply:

ewido anti-malware - Scan report

+ Created on: 4:31:36 PM, 5/11/2006
+ Report-Checksum: FD2D09FB
+ Scan result:
:mozilla.17:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.18:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.19:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.20:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.21:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.22:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.24:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.30:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.31:C:\Documents and Settings\McCarr\Application Data\Mozilla\Firefox\Profiles\jhmv968p.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup

::Report End

Response Number 14

Name: Thomas Gyles
Date: May 11, 2006 at 16:51:31 Pacific

Reply:

kaspersky isnt working

Response Number 15

Name: Thomas Gyles
Date: May 11, 2006 at 17:47:18 Pacific

Reply:

dont bother helping anymore, im just gonna wipe the os and hard drives and re install windows
thx anyway, i learned of a great comunity to get help

Response Number 16

Name: jabuck
Date: May 11, 2006 at 19:40:01 Pacific

Reply:

Looks like the Kaspersky scanner is working now, had to step out for a bit.

Sponsored Link

Ads by Google

nicksupdater.exe keylogg...

winjvd32.dll - Remove

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Flashing virus alert in sys tray

Virus Alert in system tray

Summary

www.computing.net/answers/security/virus-alert-in-system-tray/18423.html

VIRUS ALERT! on taskbar (9/17/2008)

Summary

www.computing.net/answers/security/virus-alert-on-taskbar-9172008/23440.html

Virus Alert in Taksbar

Summary

www.computing.net/answers/security/virus-alert-in-taksbar/18666.html

From the Geek Dictionary
1080i - A vertical display resolution of 1080 which is drawn in interlaced mode.

Ask a Question!

Weekly Poll
Do you think Comcast should have bought NBC?

Poll Finishes In 4 Days.
Discuss in The Lounge
Poll History

Recent Posts
no sound

get a website for just Rs.2499/year.

list sumif

At least one service or driver failed during

Old Motherboard Problem (RAM)

All Awaiting Reply

Tom's News
N64 Mini is Tiny, Portable Nintendo 64

Storm8: We're Not Collecting Private iPhone Data

Sony's PlayStation Turns 15

Russia 1st to Get LG's Borderless LCD HDTV

Leaked File Reveals Yahoo's Spy Service

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE