1> Security Alert pop-up box stating my computer is infected
2> Antivirus shows in Auto-Protect a risk of Trojan.Pandex - Action taken: Quarantined
I have run Spybot, Malaware, and SDFix - to no avail, it seems.
My latest issue is a C: command pop-up box (16-bit MS-DOS System):
c:\document\alluser\app\16197344\16197344.exe the NTVDM CPU has encountered illegal instruction - please close
Here is some data from programs generated earlier. Please let me know if you can help... thanks!!
Christine
SmitFraudFix v2.423
Scan done at 12:18:35.51, Thu 07/09/2009
Run from C:\Documents and Settings\chpah\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix
Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» RK
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Broadcom NetLink Gigabit Ethernet - Packet Scheduler Miniport
DNS Server Search Order: 68.87.76.182
DNS Server Search Order: 68.87.78.134
HKLM\SYSTEM\CCS\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS2\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS3\Services\Tcpip\..\{5440D0AB-69B2-4A27-AAF6-E05895BF5868}: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.76.182 68.87.78.134
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» RK.2
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
SDFix: Version 1.240
Run by CHPAH on Thu 07/09/2009 at 12:24
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix
Checking Services :
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files :
No Trojan Files Found
Removing Temp Files
ADS Check :
Final Check :
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 12:37:14
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4DFF68B1-4A5E-837F-8183-D6764CA2A251}]
"oandmpgmgkolgjjbaikmlfghjlnkje"=hex:6a,61,6a,63,68,66,6c,6b,6d,6a,6c,63,6f,62,68,6d,65,68,70,67,00,..
"nahcbpjepnkglelimoaaoppelgaa"=hex:6a,61,6a,63,68,66,6c,6b,6d,6a,6c,63,6f,62,68,6d,65,68,70,67,00,..
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services :
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE"="C:\\Program Files\\Altiris\\AClient\\AClntUsr.EXE:*:Enabled:AClntUsr - AClient Interactive User Service"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radexecd.exe:*:Enabled:radexecd"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\RadUIShell.exe:*:Enabled:raduishell"
"C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe"="C:\\Program Files\\Hewlett-Packard\\PC COE 3\\OV CMS\\radtray.exe:*:Enabled:radtray"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\chpah\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Office Communicator\\communicator.exe"="C:\\Program Files\\Microsoft Office Communicator\\communicator.exe:*:Enabled:Communicator"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe"="C:\\Documents and Settings\\chpah\\Application Data\\TimeBridge\\TimeBridge Connector for Outlook\\TimeBridgeConnectorForOutlook.exe:*:Enabled:TimeBridge Connector for Outlook "
Remaining Files :
Files with Hidden Attributes :
Thu 28 Aug 2008 210 A.SHR --- "C:\BOOT.BAK"
Tue 7 Jul 2009 41,984 ...H. --- "C:\Documents and Settings\chpah\chpah.exe"
Tue 25 Mar 2008 72,704 ..SHR --- "C:\Program Files\Artizen HDR\Setup.exe"
Tue 3 Aug 2004 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Mon 26 Jan 2009 1,740,632 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Mon 26 Jan 2009 5,365,592 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Thu 5 Mar 2009 2,260,480 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Thu 18 Dec 2008 164,352 ...H. --- "C:\data\My Documents\Projects\K2\~WRL2630.tmp"
Sun 21 Sep 2008 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Thu 6 Nov 2008 434,688 ...H. --- "C:\Documents and Settings\chpah\Desktop\Personal\Swimming Pool\~WRL0160.tmp"
Fri 9 Mar 2007 25,600 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\Sheet Music\~WRL1793.tmp"
Fri 9 Mar 2007 54,272 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\Sheet Music\~WRL3601.tmp"
Mon 28 Jul 2008 303,616 A..H. --- "C:\data\My Documents\Personal\Diamond Creek School\Files from Leah\2008-2009\~WRL2768.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL2879.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL3534.tmp"
Tue 2 Dec 2008 25,088 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Burrito Bingo\~WRL3575.tmp"
Fri 22 May 2009 49,664 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Field Day\~WRL1618.tmp"
Mon 25 May 2009 34,304 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Finance\~WRL1165.tmp"
Mon 25 May 2009 34,816 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Finance\~WRL3329.tmp"
Wed 6 May 2009 40,960 ...H. --- "C:\data\My Documents\Personal\Diamond Creek School\PTC2008-2009\Meeting Agendas\~WRL2822.tmp"
Sat 6 Jun 2009 204,272 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4A.tmp"
Sun 7 Jun 2009 164,004 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4B.tmp"
Wed 10 Jun 2009 164,040 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4C.tmp"
Wed 10 Jun 2009 0 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4D.tmp"
Wed 10 Jun 2009 0 A..H. --- "C:\Documents and Settings\chpah\Local Settings\Application Data\Microsoft\Outlook\BIT4E.tmp"
Thu 12 May 2005 4,348 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv1key.bak"
Mon 20 Nov 2006 20 A..H. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv1lic.bak"
Thu 12 May 2005 400 A.SH. --- "C:\Documents and Settings\chpah\My Documents\My Music\iTunes\Veggie Tales\License Backup\drmv2key.bak"
Finished!