?virus ?? system error

Discussion in 'Malware and Virus Removal Archive' started by confused, 2004/11/23.

Thread Status:
Not open for further replies.
  1. 2004/11/23
    confused

    confused Inactive Thread Starter

    Joined:
    2004/11/23
    Messages:
    6
    Likes Received:
    0
    Hi,
    developed a fatal error when simultaneously downloading Norton antivirus and a word document from friend :eek: . Reboot loops. Restored system to factory settings using disc. Windows Picture and Fax Viewer wouldn't work. Installed trial version ACDSee. Couldn't download and see pictures yet but could see pics on internet. Then - Friend?foe viewed & downloaded a few "unsolicited" (****) pics. Those could not be seen on my system. Picture viewer says.. no preview available unsupported format, for JPG, BMP, GIF formats. ACDSee says unknown format. Followed instructions in the above thread, uninstalled ACDSee.
    What do I do now? Cannot download and see any pics. :confused:
    Picture viewer error? Virus? In pics resident in memory? :confused: :confused: :confused:
    Have Norton antivirus 2004 and cleaner program - no viruses detected.
    Quickheal detects Marburg in My Pictures but cannot quarantine/remove. Re-restored system using disc. Same problem persists. Panda active scan 20 minutes ago, says no viruses. Had posted this request in Windows XP forum. Was referred here.
    Rest of the system seems ok. Please help
     
  2. 2004/11/24
    Newt

    Newt Inactive

    Joined:
    2002/01/07
    Messages:
    10,974
    Likes Received:
    2
    Bumping this one to the top. Hopefully you'll get answers.
     
  4. 2004/11/26
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    Dear confused,

    Welcome!

    This reply will bump you up again and maybe one of the experts will see it (holidays, etc. always slow things down).

    Meanwhile you can download and update adaware and spybot from "Links" in my sig., and run them as well as your updated antivirus program.

    Then download and run (from a folder of its own, like c:\hjt\) hijackthis. Don't fix anything it finds, just save the log and copy and paste it here for experts to peruse and advise you.
     
  5. 2004/11/29
    sparrow

    sparrow Inactive

    Joined:
    2004/03/21
    Messages:
    2,282
    Likes Received:
    0
    From confused:

    hi
    thanks for your help. Am sending the logs to you to see if you would kindly help me. Advait (confused) don't know about posting it on the net.. will it be safe to do so?
    Logfile of HijackThis v1.98.2
    Scan saved at 22:59:27, on 28/11/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\htpatch.exe
    C:\WINDOWS\System32\sistray.EXE
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\WINDOWS\System32\khooker.exe
    C:\WINDOWS\System32\MPB.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\System32\pctspk.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Program Files\The Cleaner\tca.exe
    C:\Program Files\The Cleaner\tcm.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\MSMSGS.EXE
    C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wisptis.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\RFA\rfagent.exe
    C:\Documents and Settings\Advait\My Documents\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
    O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
    O4 - HKLM\..\Run: [SiS Tray] C:\WINDOWS\System32\sistray.EXE
    O4 - HKLM\..\Run: [SiS KHooker] C:\WINDOWS\System32\khooker.exe
    O4 - HKLM\..\Run: [MPB] C:\WINDOWS\System32\MPB.exe
    O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe "
    O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
    O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
    O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
    O4 - HKLM\..\Run: [rfagent] C:\Program Files\RFA\rfagent.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
    O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [RFAgent] C:\Program Files\RFA\rfagent.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

    from spybot scan:

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-21-1493418154-1449542653-3292285946-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

    DSO Exploit: Data source object exploit (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


    --- Spybot - Search && Destroy version: 1.3 ---
    2004-05-12 Includes\Cookies.sbi
    2004-05-12 Includes\Dialer.sbi
    2004-05-12 Includes\Hijackers.sbi
    2004-05-12 Includes\Keyloggers.sbi
    2004-05-12 Includes\LSP.sbi
    2004-05-12 Includes\Malware.sbi
    2004-05-12 Includes\Revision.sbi
    2004-05-12 Includes\Security.sbi
    2004-05-12 Includes\Spybots.sbi
    2004-05-12 Includes\Tracks.uti
    2004-05-12 Includes\Trojans.sbi

    thanks for your help and hoping for an early reply
     
  6. 2004/11/29
    Lonny Jones

    Lonny Jones Inactive Alumni

    Joined:
    2002/12/16
    Messages:
    2,252
    Likes Received:
    0
    Hi, sorry about the delay

    I'm not seeing anything to be alarmed with.

    You should go get (one at a time) two free onlines, if they are unable to fix or delete what they find copy the reports back here.
    (I see you've used Panda, that's great, but go get other opinions too)
    Don't assume because you just installed SpyBot that its detection rules (includes) are up to date. Always check for updates. Same with Ad-Aware.
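
Added example, not part of the thread and not written by any of its posters: the advice in the last post about out-of-date detection rules can be checked against the posted log itself. This Python sketch reads the HijackThis header, the section codes, and the dated Spybot Includes lines from a constructed excerpt of that log; the function names and the 30-day threshold are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample: a few lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.98.2
Scan saved at 22:59:27, on 28/11/2004
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PCTVOICE] pctspk.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
--- Spybot - Search && Destroy version: 1.3 ---
2004-05-12 Includes\Hijackers.sbi
2004-05-12 Includes\Trojans.sbi
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
SCAN_RE = re.compile(r"^Scan saved at [\d:]+, on (\d{2}/\d{2}/\d{4})$")
INCLUDE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2}) Includes\\(\S+)$")
MAX_AGE_DAYS = 30  # hypothetical staleness threshold, not from the thread


def parse_log(text):
    """Return (scan_date, entry count per section code, include file dates)."""
    scan_date, sections, includes = None, Counter(), {}
    for line in (raw.strip() for raw in text.splitlines()):
        if m := SCAN_RE.match(line):
            # Assumes day/month/year order, as in the posted log (28/11/2004).
            scan_date = datetime.strptime(m.group(1), "%d/%m/%Y").date()
        elif m := ENTRY_RE.match(line):
            sections[m.group(1)] += 1
        elif m := INCLUDE_RE.match(line):
            includes[m.group(2)] = datetime.strptime(m.group(1), "%Y-%m-%d").date()
    return scan_date, sections, includes


def rules_age_days(text):
    """Days between the scan and the newest detection-rule file, or None."""
    scan_date, _, includes = parse_log(text)
    if scan_date is None or not includes:
        return None  # header or Includes lines missing: do not guess
    return (scan_date - max(includes.values())).days


def rules_are_stale(text, max_age=MAX_AGE_DAYS):
    """True when the newest rule file is older than max_age days at scan time."""
    age = rules_age_days(text)
    return age is not None and age > max_age
```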
     