
guyz help me out, from this ntndis.exe thing!!

Discussion in 'Windows - Virus and spyware problems' started by jeynash, Dec 3, 2007.

  1. QuikDraw

    QuikDraw Regular member

    Joined:
    Sep 29, 2007
    Messages:
    808
    Likes Received:
    0
    Trophy Points:
    26
    Good try, but I can't see the 1 inch size msconfig window you posted. LOL I can say, if it's in system tray, then it's in startup. And just for the record, I'm not a dude. All you need to do is a GOOGLE search. Type: Windows system tray icons. Here's just one to read. http://www.pcworld.com/article/id,73163-page,1/article.html
     
    Last edited: Dec 4, 2007
  2. jeynash

    jeynash Member

    Joined:
    Sep 20, 2007
    Messages:
    32
    Likes Received:
    0
    Trophy Points:
    16
    OOOOPs!!!
    seriously miscalculated(regarding de dude thing)
    :)

    Anywayz I do now, the icon in the system tray is not in the startup (i.e. in the msconfig.exe), got it?

    And please check the link below for the image.... buddy!! (Will that do?)

    http://img98.imageshack.us/my.php?image=fewas3.jpg
     
  3. QuikDraw

    If you want to call a woman buddy, then I say whatever floats your boat. You can call me QuikDraw... works for me. I was a sketch artist in the old days before it became computerized. This is where the name Quick Draw comes from. I'm retired.

    OK, just like you sent proof on your unchecked arrows in MSCONFIG, send me another one of your system tray icons after you select Normal startup in MSCONFIG and reboot.

    You can hover the mouse over the icon in question and it should say what it is. Or you can right click it. To keep all the icons displaying in systray, right click on START > Properties > uncheck hide inactive icons > click apply.
     
    Last edited: Dec 4, 2007
  4. jeynash

  5. QuikDraw

    That's easy. It tells you what's wrong. Says you got crap in your machine and to get rid of it. LOL
    All kidding aside. There is a red icon to the right of it with an x in it. Click on that, I believe that is the problem. Let me know what you find out. Oh, and that icon is a Windows warning; it will go out when we fix the other problem.
     
    Last edited: Dec 4, 2007
  6. jeynash

    O my god!! I know what that means. It's the Windows Security Center icon.
    The icon I mention is also like that (except that it is an animated one. It changes to an icon with a cross mark and with a "?" mark).
    U gettin me?
     
  7. jeynash

    And if you don't mind telling me, which time zone are you in??
    Coz u been solving my problems for almost 5 hrs in continuous....
     
  8. QuikDraw

    I'm in the S.F.Bay area, California, US
    Yeah, that means your Internet Security Suite ain't doing its thing. Get your Internet Security working. Run a complete virus scan and remove the crap.
     
    Last edited: Dec 4, 2007
  9. jeynash

    Me from Kerala, India....
    Anywayz it was nice to be with you....
    Signing off for now!! Maybe next time I login, I'll find the right solution from you for the problem... rite?
     
  10. QuikDraw

    Or from another member. Bye now.
     
  11. echoreply

    echoreply Regular member

    Joined:
    Nov 9, 2007
    Messages:
    472
    Likes Received:
    0
    Trophy Points:
    26
  12. QuikDraw

    jeynash,
    This red icon in system tray is a Windows Firewall warning. YOUR PC IS NOT PROTECTED: TURN ON WINDOWS FIREWALL. However, please note that if your OS is fully updated to Service Pack 2 (SP2) and you are already using an Internet Security Suite, such as McAfee or Norton, you do not need this Windows firewall. Once an Internet Security Suite is fully installed and protecting, the Windows Firewall warning will turn off. After the security software is working, go to the Windows Security Center and make sure the Windows Firewall is turned off. You will not need two firewalls. This should correct the problem, unless you have viruses which require a manual removal. Be sure to run a Disk Cleanup and Disk Defragmenter afterwards. Let me know what happens.
     
    Last edited: Dec 4, 2007
  13. echoreply

    jeynash,

    I am referring to the question mark like icon in your tray, with the balloon msg about being infected (from the image you posted). This is the classic sign of a smitfraud infection. It prompts/directs you to download worthless security software.

    you said it here:

     
  14. jeynash

    I had tried smitfraudfix even days before, but without any success. And for QuikDraw, it's not the Windows Security Center icon, it is "like" the Windows Security Center icon.
     
  15. QuikDraw

  16. jeynash

    Thanx QD, the problem that they described in the page (of the link above) is exactly the same as mine. But the Smitfraud isn't working for me.

    Maybe you can check this. This is the log file of the "system scan" using "hijackthis":




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:16:25 AM, on 12/6/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\WINDOWS\explorer.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Files\BitTorrent\bittorrent.exe
    D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=488
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [WinPatrol] D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    O4 - HKLM\..\RunServices: [SystemTray Monitor] SysTraymon.exe
    O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer = 218.248.255.145 61.1.96.69
    O20 - AppInit_DLLs:
    O22 - SharedTaskScheduler: exegeses - {1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f} - D:\WINDOWS\system32\bubbj.dll
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - D:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3502 bytes






     
  17. jeynash

    or would this be the problem

    i have got

    NAME: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    DATA: Browseui preloader

    in [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
     
  18. QuikDraw

  19. echoreply

    Smitfraud is often updated. Delete your copy, run the first step (search) and post the log in next reply:

    Download SmitfraudFix (by S!Ri) to your Desktop.

    http://siri.urz.free.fr/Fix/SmitfraudFix.exe

    Double-click SmitfraudFix.exe
    Select option #1 - Search by typing 1 and press Enter
    This program will scan large amounts of files on your computer for known patterns, so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Post the log in next reply.

    echoreply
     
  20. jeynash

    SmitFraudFix v2.257

    Scan done at 6:55:17.56, Thu 12/06/2007
    Run from D:\Documents and Settings\anandakrishnan\Desktop\BAjar ARchivos\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Ahead\InCD\InCDsrv.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Internet Explorer\iexplore.exe
    D:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    D:\Program Files\Internet Download Manager\IDMan.exe
    D:\Program Files\Bonjour\mDNSResponder.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\Program Files\Internet Download Manager\IEMonitor.exe
    D:\WINDOWS\system32\wscntfy.exe
    D:\Program Files\Mozilla Firefox\firefox.exe
    D:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    hosts file corrupted !

    127.0.0.1 legal-at-spybot.info
    127.0.0.1 www.legal-at-spybot.info

    »»»»»»»»»»»»»»»»»»»»»»»» D:\


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32

    D:\WINDOWS\system32\bubbj.dll FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32\LogFiles


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anandakrishnan


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Documents and Settings\anandakrishnan\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

    D:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
    D:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» D:\DOCUME~1\ANANDA~1\FAVORI~1

    D:\DOCUME~1\ANANDA~1\FAVORI~1\Online Security Test.url FOUND !

    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» D:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="My Current Home Page"


    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
    "{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"

    [HKEY_CLASSES_ROOT\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
    @="D:\WINDOWS\system32\bubbj.dll"

    [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
    @="D:\WINDOWS\system32\bubbj.dll"



    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=dword:00000001
    "AppInit_DLLs"=" "


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 218.248.255.145
    DNS Server Search Order: 61.1.96.69

    Description: NVIDIA nForce Networking Controller - Packet Scheduler Miniport
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer=218.248.255.145 61.1.96.69
    HKLM\SYSTEM\CCS\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{74AC2C92-D280-4080-9A45-42845F903AC2}: NameServer=218.248.255.145 61.1.96.69
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{8EFB045B-B454-41EE-91BF-36C22AE0E79A}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
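
The report above can be cross-checked mechanically. The Python below is an added example, not part of the original thread and not SmitfraudFix's own code: it links each SharedTaskScheduler value to its InProcServer32 DLL and marks the entries whose DLL the scan reported as FOUND. The function names, the `STOCK` allowlist and the sample text are assumptions of this example.

```python
import re

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# Assumption of this example: the CLSID quoted in post 17 is a stock XP entry.
STOCK = {"{438755c2-a8ba-11d1-b96b-00a0c90312e1}"}
# Constructed sample: rapport.txt lines from above plus the post 17 value under the same key.
RAPPORT = r"""
»»»»»»»»»»»»»»»»»»»»»»»» D:\WINDOWS\system32
D:\WINDOWS\system32\bubbj.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}"="exegeses"
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
[HKEY_CLASSES_ROOT\CLSID\{1817ab5d-25bf-4d5e-ba90-6e5fe658fc5f}\InProcServer32]
@="D:\WINDOWS\system32\bubbj.dll"
"""

def parse_rapport(text):
    """Return (found_paths, sts_values, inproc_servers) parsed from rapport.txt text."""
    found, sts, servers = set(), {}, {}
    key = ""                                     # registry key the current lines belong to
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1].lower()
        elif line.startswith("»"):               # a new report section ends the key
            key = ""
        elif line.endswith("FOUND !"):           # file matched a known pattern
            found.add(line[:-len("FOUND !")].strip().lower())
        elif key.endswith(r"\explorer\sharedtaskscheduler"):
            m = re.fullmatch(rf'"({CLSID})"="(.*)"', line)
            if m:
                sts[m.group(1).lower()] = m.group(2)
        elif key.endswith(r"\inprocserver32") and line.startswith('@="'):
            m = re.search(CLSID, key)
            if m:
                servers[m.group(0)] = line[3:-1]  # key is already lower-cased
    return found, sts, servers

def triage(text):
    """One (name, dll, verdict) row per SharedTaskScheduler value."""
    found, sts, servers = parse_rapport(text)
    rows = []
    for clsid, name in sts.items():
        dll = servers.get(clsid, "")
        # flagged: autostart DLL the scan marked FOUND; review: unknown, resolve its DLL first
        verdict = ("flagged" if dll.lower() in found
                   else "stock" if clsid in STOCK else "review")
        rows.append((name, dll, verdict))
    return rows
```

Calling `triage()` on the full text of a saved rapport.txt returns one row per SharedTaskScheduler value; the sample yields a "flagged" row for exegeses and a "stock" row for Browseui preloader.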

     
