that stupid bestfriends.scr virus
I've run Ad-Aware and followed the directions on a lot of the other threads, like starting in safe mode, and looked to delete certain things using HJT, but I can't seem to find any of the stuff that's listed. Here's my log, can you tell me what I need to do please? Thanks.
Logfile of HijackThis v1.99.0
Scan saved at 1:39:41 PM, on 2/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\unzipped\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Sametime Connect] C:\Program Files\Lotus\Sametime Client\connect.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AMD 64 Bit Processor] AMD64.EXE
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\RunOnce: [AMD 64 Bit Processor] AMD64.EXE
O4 - Startup: Shortcut to map networks.lnk = C:\Documents and Settings\ja-wil\Desktop\bat files\map networks.bat
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1099452588767
O16 - DPF: {7A162288-DE78-473C-A6BA-23FF17F768E9} (AxWebInstaller Control) - http://sectra.interwise.com/sectra/application/EventEntry/AxWebInstaller.cab
O16 - DPF: {7C705EA9-3C3B-4F3A-B1AA-2184CDFAE4D0} (Viewer Class) - http://wilsonxp/IDS5web/bin/Setup.exe
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = msad.sbhc
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = msad.sbhc
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: Ati HotKey Poller - Unknown - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: SECTRA Autofiler Monitor - Unknown - C:\Program Files\Sectra\ImageServerS\bin\w_auto_filer_monitor.exe
O23 - Service: pcAnywhere Host Service - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Cisco Systems, Inc. VPN Service - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: SECTRA HL7 Interface Monitor - Unknown - C:\Program Files\Sectra\HL7Interface\bin\hl7if_monitor.exe
O23 - Service: SECTRA Archive ImageServer Monitor - Unknown - C:\Program Files\Sectra\ImageServer\bin\is_monitor_archive.exe
O23 - Service: SECTRA Queue ImageServer Monitor - Unknown - C:\Program Files\Sectra\WISE\bin\is_monitor_queue.exe
O23 - Service: SECTRA ImageServer Monitor - Unknown - C:\Program Files\Sectra\ImageServerS\bin\is_monitor.exe
O23 - Service: SECTRA Local Storage Server - Unknown - C:\Program Files\Sectra\IDS5Home\bin\ls_server.exe
O23 - Service: McAfee Framework Service - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Multi-user Cleanup Service - Unknown - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: SECTRA DICOM MWL SCP Monitor - Unknown - C:\Program Files\Sectra\WISE\bin\mwlscp_monitor.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SECTRA DICOM Q/R SCP Monitor - Unknown - C:\Program Files\Sectra\ImageServerS\bin\qrscp_monitor.exe
O23 - Service: SonicWall VPN Client Service - SonicWALL, Inc. - C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: SECTRA RIS Interface Monitor - Unknown - C:\Program Files\Sectra\WISE\bin\risif_monitor.exe
O23 - Service: Spectrum24 Event Monitor - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: SECTRA DICOM Storage SCP Monitor - Unknown - C:\Program Files\Sectra\ImageServerS\bin\ctnmonitor.exe
O23 - Service: SECTRA Viewer Update Service - Unknown - C:\Program Files\Sectra\IDS5web\bin\viewer_service.exe
O23 - Service: SECTRA WISE Monitor - Unknown - C:\Program Files\Sectra\WISE\bin\wise_monitor.exe
O23 - Service: SECTRA Workstation Update Service - Unknown - C:\Program Files\Sectra\IDS5\bin\workstation_service.exe