I recently posted about a smitfraud.c trojan virus and my screen had gone blue with the error. I didnt get a response and i read your thread with arap11155 and followed all those directions and I am not sure if I still have any viruses although the blue screen is gone. I do have a very thin lighter line on the left hand side of my screen that has remained. I dont know what this might be from. These were my last logs of HijackThis, Ewido, and ActiveScan. Can you tell if my comp. is still infected? I am not even sure I did anything right except the error is not appearing anymore. I appreciate any advice....Thanks so much!
Logfile of HijackThis v1.99.1
Scan saved at 11:07:36 PM, on 7/18/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Estee\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.dellnet.comR0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.dellnet.comO3 - Toolbar: SuperBar - {1E7BA339-8164-46C6-8216-076DFA738BEE} - C:\Program Files\SuperBar\SuperBar.Dll (file missing)
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [webc] C:\WINDOWS\Fonts\webc.exe
O4 - HKLM\..\Run: [*webc] C:\WINDOWS\Fonts\webc.exe
O4 - HKLM\..\Run: [*wmshard] C:\WINDOWS\java\Packages\wmshard.exe
O4 - HKLM\..\Run: [*urldrv] C:\WINDOWS\addins\urldrv.exe
O4 - HKLM\..\Run: [*mfccr] C:\WINDOWS\Registration\mfccr.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [*sap] C:\WINDOWS\Cursors\sap.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Handspring\HOTSYNC.EXE
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
O4 - Global Startup: DriveSelect.lnk = C:\Program Files\321Studios\Xpress\DriveSelect.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Nikon\NkView6\NkvMon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Get It With Kontiki - res://C:\Program Files\Kontiki\bin\bh309190.dll/201
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: PowerBuilder DW Control & JDBC -
https://www.yatzran-...dwc80_10691.cabO16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) -
http://tools.ebayimg...ol_v1-0-3-9.cabO16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) -
http://bin.mcafee.co...72/mcinsctl.cabO16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} (cpbrkpie Control) -
http://a19.g.akamai....23/cpbrkpie.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://www.pandasoft.../as5/asinst.cabO16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) -
http://bin.mcafee.co...,15/mcgdmgr.cabO16 - DPF: {F666659D-6359-11D1-A6C9-0020182C1446} (IntraLaunch.MainControl) -
http://www.icba.org....IntraLaunch.CABO20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: DM1Service - OLYMPUS OPTICAL CO.,LTD - C:\Program Files\Olympus\DeviceDetector\DM1Service.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 9:39:02 PM, 7/18/2005
+ Report-Checksum: D703FC6B
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{014DA6C1-189F-421a-88CD-07CFE51CFF10} -> Spyware.eXact : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C2-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C5-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C7-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{014DA6CB-189F-421a-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04079851-5845-4dea-848C-3ECD647AA554} -> Spyware.MySearchBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3EC8E271-FAB9-418a-8A8E-65AEB4029E64} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72AC6865-B1D3-4C32-A27B-4B3BF04DE655} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{870B70D4-F6DA-47AE-9158-D146440A0A4D} -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF8DA190-3574-11D4-8068-0060082AE372} -> Spyware.BingoFun : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{16097036-894C-4C00-A61F-93CA0D49A70E} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2ED5AF98-9258-45BA-B79B-06625C92F662} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{700DC0DD-F409-42E0-9DE5-21EE1A2BA9FD} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{9603A736-05B9-4D78-BDD5-BDCB0914E522} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC12B055-C9F5-407D-9B66-1851973F32AF} -> Spyware.WurldMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C91E8926-D4BE-4685-99F4-0D996B96BAC0} -> Spyware.P2PNetworking : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{FD42F6D3-7AB1-470C-979B-7996EDC99099} -> Spyware.TOPicks : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{014DA6C0-189F-421A-88CD-07CFE51CFF10} -> Spyware.BargainBuddy : Cleaned with backup
C:\Documents and Settings\Estee\Application Data\Earthlink\6.0\
[email protected]\Cookies\estee@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned with backup
C:\Program Files\America Online 8.0\OptClean.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\njfdppnp\lltpejfn\rarlnjbh.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\Common Files\njfdppnp\nplpcbrrhc\acranrdde.exe -> Adware.Gator : Cleaned with backup
C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL -> Spyware.MyWay : Cleaned with backup
C:\Program Files\MyWay\SrchAstt\1.bin\MYSRCHAS.DLL -> Spyware.MyWay : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP445\A0051289.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP445\A0051290.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP505\A0054295.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP505\A0054296.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP505\A0054297.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP506\A0054483.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP506\A0054484.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP506\A0054485.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054782.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054787.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054788.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054789.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054798.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054799.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054800.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP508\A0054808.exe -> TrojanDownloader.Zlob.x : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054818.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054819.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054820.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054849.exe -> Trojan.Small.eu : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054850.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054854.exe -> Trojan.Puper.aa : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054855.dll -> Trojan.Puper.t : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054857.exe -> Trojan.Puper.w : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0054943.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0055098.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0055099.exe -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0055106.dll -> Adware.Gator : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0055114.dll -> Spyware.Cydoor : Cleaned with backup
C:\System Volume Information\_restore{987E0331-0F01-427C-A58A-7A2E4AABF84D}\RP509\A0055115.dll -> Spyware.Cydoor : Cleaned with backup
::Report End
Incident Status Location
Adware:adware/topsearch No disinfected C:\PROGRAM FILES\KAZAA\TopSearch.dll
Adware:adware/myway No disinfected C:\PROGRAM FILES\MySearch
Adware:adware/p2pnetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking
Adware:adware/gator No disinfected C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\GAIN Publishing
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/coupons No disinfected HKEY_CLASSES_ROOT\CPBRKPIE.COUPON6CTRL.1
Adware:adware/antivirus-gold No disinfected HKEY_CLASSES_ROOT\CLSID\{020B1227-417D-4682-9AC3-61F43CB5B6B1}
Adware:adware/navhelper No disinfected HKEY_CLASSES_ROOT\CLSID\{BDF3E430-B101-42AD-A544-FADC6B084872}
Spyware:spyware/altnet No disinfected HKEY_CLASSES_ROOT\Interface\{CE9B37EC-D243-47A2-83DB-3A8350175193}
Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}
Adware:Adware/nCase No disinfected C:\Program Files\kazaaSoftwareInstall.exe
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S42NS.EXE
Adware:Adware/MyWay No disinfected C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking No disinfected C:\WINDOWS\SYSTEM32\P2P Networking v123.cpl