guyz help me out, frrom this ntndis.exe thing!!

Good try, but I can't see the 1 inch size msconfig window you posted. LOL I can say, if it's in system tray, then it's in startup. And just for the record, I'm not a dude. All you need to do is a GOOGLE search. Type: Windows system tray icons. Here's just one to read. http://www.pcworld.com/article/id,73163-page,1/article.html

 

OOOOPs!!!
seriously miscalculated(regarding de dude thing)


Anywayz i do now, the icon in the system tray is not in the startup(ie in the msconfig.exe) got it?

and please check the link below, for the image....buddy!!(will that do?)

http://img98.imageshack.us/my.php?image=fewas3.jpg

 

If you want to call a woman buddy, then I say whatever floats your boat. You can call me QuikDraw... works for me. I was a sketch artist in the old days before it became computerized. This is where the name Quick Draw comes from. I'm retired.

OK, just like you sent proof on your unchecked arrows in MSCONFIG, send me another one of your system tray icons after you select Normal startup in MSCONFIG and reboot.

You can hover the mouse over the icon in question and it should say what it is. Or you can right click it. To keep al the icons displaying in systray. Right click on START> Properties> uncheck hide inactive icons> click apply.

 

Now, QuickDraw, this is how it looks during startup

http://img259.imageshack.us/my.php?image=thisistheprobzb0.jpg

Gettin anythin?? Quickdraw?

 

That's easy. It tells you what's wrong. Says you got crap in your machine and to get rid of it. LOL
All kidding aside. There is a red icon to the right of it with an x in it. click on that, I believe that is the problem. Let me know what you find out. Oh and that icon is a windows warning, it will go out when we fix the other problem.

 

O my god!! i know what that means. its the windows security center icon.
the icon about which i mention is also like that.( except that it is an animated one. it changes to icon with a cross mark and with a "?" mark.
U gettin me?

 

And if you dont mind telling me, which time zone are you in??
coz u been solving my problems for almost 5 hrs in continuous....

 

I'm in the S.F.Bay area, California, US
Yeah, that means your Internet Security Suite, ain't doing it's thing. Get you Internet Security working. Ran a complete virus scan and remove the crap.

 

me from Kerala, India....
anywayz it was nice to be with you....
Signing off for now!! maybe next time i login, ill find the right solution from you for the problem...rite?

 

Or from another member. Bye now.

 

thats no windows security icon. you are trying manually to clean up a smitfraud variant.

look here:
http://www.virusvault.us/smitfraud_trojan_downloaders.htm

there is a automated fix. oddly enough its called smitfraudfix

regards,

echoreply

 

jeynash,
This red icon in system tray is a Windows Firewall warning. YOUR PC IS NOT PROTECTED: TURN ON WINDOWS FIREWALL. However, please note if your OS is fully updated to Service Pack 2(SP2)and you are already using a Internet Security Suite, such as, McAfee or Norton. You do not need this Windows firewall. Once an Internet Security Suite is fully installed and protecting, the Windows Firewall warning will turn off. After the security software is working go the Windows Security Center and make sure the Windows Firewall is turned off. You will not need two Firewalls. This should correct the problem, unless you have viruses which required a manual removal. Be sure to run a Disk Clean and Disc Defragmenter afterwards. Let me know what happens.

 

jeynash,

iam referring to the question mark like icon in your tray, with the ballon msg about being infected-- from the image you posted-- this is the classic sign of a smitfraud infection. it prompts/directs you to download worthless security software.

you said it here:

 

i had tried smitfraudfix even days before, but without any success. and for quikdraw, its not the windows security centre icon, it is "like" windows security centre icon.

 

Read this.
http://www.bleepingcomputer.com/forums/topic85376.html

 

thanx QD, the problem that they described in the page( of the link above) is exactly the same as mine. But the Smitfraud isnt working for me.

Maybe can you check this. this is the log file of the "system scan" using "hijackthis":




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:16:25 AM, on 12/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS\explorer.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\BitTorrent\bittorrent.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer = 218.248.255.145 61.1.96.69
O20 - AppInit_DLLs:
O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - D:\WINDOWS\system32\bubbj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3502 bytes

 

or would this be the problem

i have got

NAME: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
DATA: Browseui preloader

in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

 

All you have to do is Google it. Here's the results. http://www.google.com/search?hl=en&...A-11D1-B96B-00A0C90312E1}+&btnG=Google+Search

 

smitfraud is often updated. delete your copy and run the first step (search) and post the log in next reply:

Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.exe

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press Enter
This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. post log in next reply.

echoreply

 

SmitFraudFix v2.257

Scan done at 6:55:17.56, Thu 12/06/2007
Run from D:\Documents and Settings\anandakrishnan\Desktop\BAjar ARchivos\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Ahead\InCD\InCDsrv.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\Internet Explorer\iexplore.exe
D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

hosts file corrupted !

127.0.0.1 legal-at-spybot.info
127.0.0.1 www.legal-at-spybot.info

»»»»»»»»»»»»»»»»»»»»»»»» D:\


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

D:\WINDOWS\system32\bubbj.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anandakrishnan


»»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anandakrishnan\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ANANDA~1\FAVORI~1

D:\DOCUME~1\ANANDA~1\FAVORI~1\Online Security Test.url FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"

[HKEY_CLASSES_ROOT\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
@="D:\WINDOWS\system32\bubbj.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
@="D:\WINDOWS\system32\bubbj.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=dword:00000001
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: WAN (PPP/SLIP) Interface
DNS Server Search Order: 218.248.255.145
DNS Server Search Order: 61.1.96.69

Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer=218.248.255.145 61.1.96.69
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer=218.248.255.145 61.1.96.69
HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End