This is the first time I am writing and I really think my Computer neesd ur divine intervention.I use windows XP and I have loads of Windows hotfix patches that the automatic updates give me.
I have two problems , kindly answer my questions.
1) I was beseiged by www.quicknavigate.com , no matter what I typed in the address bar quicknavigate is all that opened and soon after that the status bar would disappear and I got very frustrated.I then updated my McAfee VirusScan and also downloaded this software called SPYBOT SEARCH & DESTROY from this site called www.download.com and scanned my computer and finally got rid of the quicknavaigate webpage though I still think I am having some problems.
2) Last night when I was using my computer I think Smitfraud found its way into my computer and now thanks to it I dont have my desktop image any more.i think I found a wp.bmp in my system and deleted it without thinking twice. VirusScan and Spybot S&D dont find anything wrong in my computer but i smell impending doom.I read other ppls threads and run the aboutbuster and winsockfix softwares u have on ur site. but no results.the Display properties are as blank as they can be.When connected to the internet my web browser keeps opening up pages that tell me my computer is being attacked and its being monitored and pages with MSN logos that tell me to click on certain links to download virus removal tools but i just close them since they look very suspiciouos. Also in the system tray a yellow triangle with an exclamation marks keeps popping up and tells me to My computer is being tracked and its at a risk.Help me, I need to get rid of this stuff from my computer.
I can only boot thru my harddisk.Can u also tell me about a few good tasks I can do regularly to keep my computer running in a good condition and also protected from Viruses,trojans and thearts.Aslo suggest a nice firewall.Heres my Hiack this log
Logfile of HijackThis v1.99.1
Scan saved at 5:13:36 AM, on 5/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
D:\Program Files\Network Associates\VirusScan\Mcshield.exe
D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\popuper.exe
D:\WINDOWS\System32\msole32.exe
D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
D:\WINDOWS\System32\intmonp.exe
D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
D:\WINDOWS\VM_STI.EXE
D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe
D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
D:\Program Files\Yahoo!\Messenger\ypager.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\System32\wuauclt.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Documents and Settings\SAIF\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.quicknavigate.com/bar.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://qfind.net/bar/index.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
F2 - REG:system.ini: Shell=Explorer.exe,
O2 - BHO: VMHomepage Class - {FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF} - D:\WINDOWS\System32\hpADF3.tmp (file missing)
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - D:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\hi\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ShStatEXE] "D:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "D:\Program Files\Network Associates\Common Framework\UpdaterUI.exe"
O4 - HKLM\..\Run: [BigDogPath] D:\WINDOWS\VM_STI.EXE LG Web Camera driver
O4 - HKLM\..\Run: [msnappau] "D:\Program Files\MSN Apps\Updater\01.02.3000.1001\hi\msnappau.exe"
O4 - HKLM\..\Run: [MSN Messenger] D:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\RunServices: [StillImageMonitor] D:\WINDOWS\System32\stimon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] D:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - D:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8AAC07E4-06EC-4A6A-8F9C-2F8BF483384C} - D:\WINDOWS\System32\wldr.dll (HKCU)
O16 - DPF: {0191ABF4-9421-435E-9FFD-CD827A2A82D8} - http://movie-browser.com/tl7000.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by24fd.bay24....es/MsnPUpld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.119.64.2 212.119.64.3
O17 - HKLM\System\CS1\Services\Tcpip\..\{08EFFF0C-16A5-44A8-B72A-A132DEC431D9}: NameServer = 212.119.64.2 212.119.64.3
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - D:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - D:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
Thanks keep up the good work