Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Warning: Your computer is infected


  • Please log in to reply

#1
stuckinmuck

stuckinmuck

    New Member

  • Member
  • Pip
  • 1 posts
Hello - I have a number of issues (not sure if they are related)
1> Security Alert pop-up box stating my computer is infected
2> Anti Virus shows in Auto-Protect a Risk of Trojan.Pandex - Action taken: Quarantined

I have run Spybot, Malaware, and SDFix - to no avail...it seems.
my latest issue is a c:command pop-up box (16-Bit MS-Dos System)
c:\document\alluser\app\16197344\16197344.exe the NTVDM CPU has encountered illegal instruction - please close

Here are some data from programs generated earlier. Please let me know if can help...thanks!!
Christine

SmitFraudFix v2.423

Scan done at 12:18:35.51, Thu 07/09/2009
Run from C:\Documents and Settings\chpah\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom NetLink Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 68.87.76.182
DNS Server Search Order: 68.87.78.134

HKLM\SYSTEM\CCS\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» RK.2



»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End


SDFix: Version 1.240
Run by CHPAH on Thu 07/09/2009 at 12:24

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 12:37:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4DFF68B1-4A5E-837F-8183-D6764CA2A251}]
"oandmpgmgkolgjjbaikmlfghjlnkje"=hex:6a,61,6a,63,68,66,6c,6b,6d,6a,6c,63,6f,62,68,6d,65,68,70,67,00,..
"nahcbpjepnkglelimoaaoppelgaa"=hex:6a,61,6a,63,68,66,6c,6b,6d,6a,6c,63,6f,62,68,6d,65,68,70,67,00,..

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe:*:Enabled:radexecd"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe:*:Enabled:raduishell"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe:*:Enabled:radtray"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "

Remaining Files :



Files with Hidden Attributes :

Thu 28 Aug 2008 210 A.SHR --- "C:\BOOT.BAK"
Tue 7 Jul 2009 41,984 ...H. --- "C:\Documents and Settings\chpah\chpah.exe"
Tue 25 Mar 2008 72,704 ..SHR --- "C:\Program Files\Artizen HDR\Setup.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 18 Dec 2008 164,352 ...H. --- "C:\data\My Documents\Projects\K2\~WRL2630.tmp"
Sun 21 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 6 Nov 2008 434,688 ...H. --- "C:\Documents and Settings\chpah\Desktop\Personal\Swimming Pool\~WRL0160.tmp"
Fri 9 Mar 2007 25,600 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\Sheet Music\~WRL1793.tmp"
Fri 9 Mar 2007 54,272 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\Sheet Music\~WRL3601.tmp"
Mon 28 Jul 2008 303,616 A..H. --- "C:\data\My Documents\Personal\Diamond Creek School\Files from Leah\2008-2009\~WRL2768.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL2879.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL3534.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL3575.tmp"
Fri 22 May 2009 49,664 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Field Day\~WRL1618.tmp"
Mon 25 May 2009 34,304 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Finance\~WRL1165.tmp"
Mon 25 May 2009 34,816 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Finance\~WRL3329.tmp"
Wed 6 May 2009 40,960 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Meeting Agendas\~WRL2822.tmp"
Sat 6 Jun 2009 204,272 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4A.tmp"
Sun 7 Jun 2009 164,004 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4B.tmp"
Wed 10 Jun 2009 164,040 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4C.tmp"
Wed 10 Jun 2009 0 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4D.tmp"
Wed 10 Jun 2009 0 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4E.tmp"
Thu 12 May 2005 4,348 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv1key.bak"
Mon 20 Nov 2006 20 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv1lic.bak"
Thu 12 May 2005 400 A.SH. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv2key.bak"

Finished!
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP