Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Windows XP Gateway 503GR New Problem

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
I need help! I need to know how to get rid of this virus or trojan or whatever it is...
it is called "welchia_icmp_scan" I do not know what it is. All of a sudden my computer has been acting a little bit funny. My AOL program gave me an error saying that i had to reinstall the program and i clicked restart computer and it never restarted and now i am typing this. I just scanned my computer using norton an ad-aware. Nothing came up. It seems that the firewal blocked it, but my computer isnt showing it! I am a little scared considering i just biught this computer over thanksgiving weekend! <_< :D :D
  • 0




    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
here is my thing...

StartupList report, 12/6/2004, 7:27:10 PM
StartupList version: 1.52.2
Started from : C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP2 (6.00.2900.2180)
* Using default options

Running processes:

C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\BigFix\BigFix.exe
C:\Program Files\Logitech\QuickCam\AOLMWiz.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
C:\Program Files\America Online 9.0\waol.exe
C:\Program Files\America Online 9.0\shellmon.exe
C:\Program Files\America Online 9.0\aolwbspd.exe


Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
BigFix.lnk = C:\Program Files\BigFix\BigFix.exe


Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,


Autorun entries from Registry:

High Definition Audio Property Page Shortcut = HDAudPropShortcut.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
NeroFilterCheck = C:\WINDOWS\system32\NeroCheck.exe
SunKistEM = C:\Program Files\Digital Media Reader\shwiconem.exe
(Default) =
mmtask = c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
CHotkey = zHotkey.exe
ShowWnd = ShowWnd.exe
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe
iTunesHelper = C:\Program Files\iTunes\iTunesHelper.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
LVCOMS = C:\Program Files\Common Files\Logitech\QCDriver\LVCOMS.EXE


Autorun entries from Registry:

MSMSGS = "C:\Program Files\Messenger\msmsgs.exe" /background


Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*


Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
(no name) - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - (no file) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC}


Enumerating Task Scheduler jobs:

ISP signup reminder 3.job
Norton AntiVirus - Scan my computer - Owner.job
Symantec NetDetect.job


Enumerating Download Program Files:

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\system32\Macromed\Director\SwDir.dll
CODEBASE = http://active.macrom...tor/cabs/sw.cab

[Scanner Class]
InProcServer32 = C:\temp\TDECntrl\TDECntrl.dll
CODEBASE = http://www.windowsec...an/TDECntrl.CAB


Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

End of report, 6,207 bytes
Report generated in 0.047 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
  • 0



    Founder Geek

  • Administrator
  • 24,490 posts
Let us take a closer look at what is running on your PC. We'll need you to use a free diagnostic tool (HiJackThis) and post a log as a new topic in the Hijack This forum. It will get a better response there from the people most qualified to analyze logs.

Click the HijackThis Guide in my signature, download it and follow the instructions in the guide. Also see this post.

Most of what it lists will be harmless or even essential, DO NOT delete or modify anything yet! Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP