Virus or Trojan on your PC.

try malwarebytes its here in app section.

yes, it's a virus

can you provide us a hijackthis report ??

thanks

But i use a bought verson of legal k7 total security package..
is this antivirus is bullshit..

@ tHeGeNiUs

What is this hijackthis report?

@ tHeGeNiUs

ok i got it m givvin it jus now plzz wait..

Here is the report plzz help me...

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 12:07:39 AM, on 1/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs files\java\bin\jqs.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
D:\Programs files\Winamp pro\Winamp\winampa.exe
C:\PROGRA~1\TATAPH~1\USB Modem Run.exe
D:\Programs files\java\bin\jusched.exe
C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
C:\Program Files\Messenger\msmsgs.exe
D:\Programs files\Babylon pro\Babylon.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
D:\Programs files\IDM\Internet Download Manager\IDMan.exe
D:\Programs files\Advanced SystemCare 3\AWC.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Programs files\IDM\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Aaditya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Aaditya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Programs files\java\bin\javaw.exe
C:\PROGRA~1\K7COMP~1\K7TSEC~1\K7TSAlrt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Aaditya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tataindicom.com/CM200
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programs files\IDM\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Programs files\Babylon pro\Utils\BabylonIEPI.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programs files\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programs files\java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [K7TSStart] C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Programs files\Winamp pro\Winamp\winampa.exe"
O4 - HKLM\..\Run: [USB Modem Run] C:\PROGRA~1\TATAPH~1\USB Modem Run.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programs files\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] D:\Programs files\Babylon pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [IDMan] D:\Programs files\IDM\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Programs files\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &am__TEXT IS TOO BIG. IT WAS TRUNCATED TO 5000 SYMBOLS

i can see that you have more than one protection softwre like K7 and Deep Freeze

however, i think you should look at this line:
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)


so TURN SYSTEM RESTORE OFF, then do a scan again,check that line and click fix
then download ComboFIX from here

run it and wait until it finish

restart yor computer, then tell us the results
greetings

try malwarebytes its here in app section.

I would say the same...This sounds very much like a virus. Use the Malwarebytes Anti-Malware. You can find it by a search,and use it to do a full scan,of course getting it updated first.And don't forget to "shut" off your SYSTEM RESTORE setting,otherwise Windows will keep the "problem" in memory and just re-install it when you re-boot after cleaning.

Plzz can u tell how to turn off system restore...

ok i hav turned off system restore ....
and dowloaded malwarebytes and scanned..
got 1600 virus
plzz can u suggest me a antivirus if i want to have a legal m plannin' to buy one
plzzz

turn off system restore link

well i would clean it up with malwarebytes first. as far as antivirus i think youll get a different answer from most people i would suggest kaspersky or eset nod32 i myself am using eset nod32 at the moment.

@opiumsamson
scanned but got no result of infected files..
here is the report

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 2

1/5/2010 1:23:35 AM
mbam-log-2010-01-05 (01-23-35).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|)
Objects scanned: 117816
Time elapsed: 40 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

@tetsunosuke

Thankzz u were really helpful

@tHeGeNiUs

problem continues broda.!!

@tHeGeNiUs

new report after ur instructions

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:55:17 AM, on 1/5/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\Programs files\java\bin\jqs.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSMngr.exe
C:\Program Files\K7 Computing\K7TSecurity\K7EmlPxy.exe
C:\Program Files\K7 Computing\K7TSecurity\K7FWSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7PSSrvc.exe
C:\Program Files\K7 Computing\K7TSecurity\K7RTScan.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
D:\Programs files\Winamp pro\Winamp\winampa.exe
C:\Program Files\K7 Computing\K7TSecurity\K7SysMon.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\TATAPH~1\USB Modem Run.exe
D:\Programs files\java\bin\jusched.exe
D:\Programs files\Babylon pro\Babylon.exe
C:\Program Files\Faronics\Deep Freeze\Install C-0\_$Df\FrzState2k.exe
D:\Programs files\IDM\Internet Download Manager\IDMan.exe
D:\Programs files\Advanced SystemCare 3\AWC.exe
C:\Program Files\WinZip\WZQKPICK.EXE
D:\Programs files\IDM\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\Aaditya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\K7COMP~1\K7TSEC~1\K7TSAlrt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Aaditya\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
D:\Programs files\java\bin\javaw.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://toolbar.ask.com/toolbarv/askRedirect?o=101699&gct=&gc=1&q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.tataindicom.com/CM200
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Programs files\IDM\Internet Download Manager\IDMIECC.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - D:\Programs files\Babylon pro\Utils\BabylonIEPI.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Programs files\java\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Programs files\java\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [K7TSStart] C:\Program Files\K7 Computing\K7TSecurity\K7TSecurity.exe
O4 - HKLM\..\Run: [WinampAgent] "D:\Programs files\Winamp pro\Winamp\winampa.exe"
O4 - HKLM\..\Run: [USB Modem Run] C:\PROGRA~1\TATAPH~1\USB Modem Run.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Programs files\java\bin\jusched.exe"
O4 - HKLM\..\Run: [Babylon Client] D:\Programs files\Babylon pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [IDMan] D:\Programs files\IDM\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Programs files\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with__TEXT IS TOO BIG. IT WAS TRUNCATED TO 5000 SYMBOLS

did you use ComboFix as i said ?

Yes i used combofix...

that is so strange
and you said that you used malwarebytes and it reported no viruses...

ok, try these tools
(SmitRem/SmitFraudFix) and RougeScanFix

Hope they will work

Thank u
i hav seen u many tyms solvin others problems on requests..
keep it up
hatts off to u n ur work..

adiroxxx said:

Thank u
i hav seen u many tyms solvin others problems on requests..
keep it up
hatts off to u n ur work..

thanks, adiroxxx

so, how is the situation with your computer now ?

Now i was fed up tryin' and really frustrated so,
ultimately i formatted mah system c drive dumped mah k7 antivirus and
bought kis 2010 and now itzz fine..
thankzz for ur consistance support once again.

adiroxxx said:

Now i was fed up tryin' and really frustrated so,
ultimately i formatted mah system c drive dumped mah k7 antivirus and
bought kis 2010 and now itzz fine..
thankzz for ur consistance support once again.

no problem

Now i was fed up tryin' and really frustrated so,
ultimately i formatted mah system c drive dumped mah k7

Too bad you had to reformat,but I've had to do that a coupla' times myself. It's good training and only increases your knowledge of the PC.And as for System Protection, I have used Norton Internet Security for 5 yrs (buying the legal edition,it's not big $$,here it's $60-70 Canadian), and I have never had a problem with ANYTHING getting into my setup.Some say it's a resource hog,but if your comp is up to date and with reasonable Power/MEM/RAM,it should be the best for you. Do some research on it and i'm sure it will fit your needs. Good luck

It's a common in windows XP problem fixit with "F i x Windows Update Error Automatically With Fix It Tool".Down Here : http://www.ziddu.com/download/8056808/MicrosoftFixit50202.msi.html

http://www.ziddu.com/download/8056808/MicrosoftFixit50202.msi.html

you could have tried typing sfc /scannow in your cmd.