Virus Alert on Task bar

  1. 03-10-2008  #1
    somasundaram_i
    somasundaram_i is offline Newbie

    Virus Alert on Task bar

    When I vsitted a site I think I got this virus malware .
    How to remove this. ?..
    It locked us out of task manager, all the drives and program files.
    Im able to get on the internet but when i try to download programs to help fix things it asks if i want to save file and i click on save file but then it don't do anything. My time says the clock in military time and says virus alert!

    Here the Log file from Trend Micro HijackThis v2.0.2 is below

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:54: VIRUS ALERT!, on 10/3/2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16705)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    D:\WINDOWS\system32\svchost.exe
    D:\PROGRA~1\AVG\AVG8\avgrsx.exe
    D:\PROGRA~1\AVG\AVG8\avgemc.exe
    D:\WINDOWS\Explorer.EXE
    D:\WINDOWS\SOUNDMAN.EXE
    D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    D:\WINDOWS\system32\ctfmon.exe
    D:\Program Files\NHM Writer\NhmWriter.exe
    C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
    D:\Documents and Settings\Somasundaram.EAGLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\PROGRA~1\MICROS~2\rapimgr.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    D:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    D:\Program Files\IncrediMail\bin\IMApp.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    D:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    D:\Program Files\IncrediMail\bin\IncMail.exe
    D:\Program Files\Google\Google Talk\googletalk.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\IncrediMail\bin\ImNotfy.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! India
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Yahoo! Search - Web Search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = Yahoo! SearchBar Home Page
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Yahoo! Search - Web Search
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Yahoo! India
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Yahoo! Search - Web Search
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
    O1 - Hosts: 127.255.255.255 CD and DVD Burning Software - Alcohol 120% - Alcohol 52% and Alcohol 52% Free
    O1 - Hosts: 127.255.255.255 images.alcohol-soft.com
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\sw g.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\PROGRA~1\YAHOO!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [AVG8_TRAY] D:\PROGRA~1\AVG\AVG8\avgtray.exe
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] D:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\wianmpa.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKCU\..\Run: [swg] D:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNo tifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Yahoo! Pager] "D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [NhmWriter] D:\Program Files\NHM Writer\NhmWriter.exe
    O4 - HKCU\..\Run: [IncrediMail] D:\Program Files\IncrediMail\bin\IncMail.exe /c
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
    O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Somasundaram.EAGLE\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [HPSoftwareUpdate] D:\Program Files\HP\HP Software Update\HPWUCli.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] D:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [HPSoftwareUpdate] D:\Program Files\HP\HP Software Update\HPWUCli.exe (User 'Default user')
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\Program Files\IncrediMail\bin\resources\WebMenuImg.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0246ECA8-996F-11D1-BE2F-00A0C9037DFE} (TDServer Control) - http://www.maalaimalar.com/wfplayer/tdserver.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - D:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} (get_atlcom Class) - http://apps.corel.com/nos_dl_manager...EGetPlugin.ocx
    O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://incredimail.oberon-media.com/...jolauncher.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/dd/...dsolutions.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7F775BCC-985D-44DB-B8A7-54E86E7FBD70}: NameServer = 125.22.47.125,202.56.250.5
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
    O20 - AppInit_DLLs: avgrsstx.dll
    O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: tuvUMggH - tuvUMggH.dll (file missing)
    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O24 - Desktop Component 0: (no name) - http://mail.google.com/mail/images/bidi_controls.gif

    --
    End of file - 8630 bytes

  3. 04-10-2008  #2
    rokytnji
    rokytnji is offline Dedicated Member
    Hello somasundaram_i and welcome to DAL. For best result for your post, repost your thread here.

    Spyware, Adware, Viruses and HijackThis Logs
+ Reply to Thread
« Restore | computer in bits please help »