ra_sriniketan
In the zone
Running win xp with service pack 3.Whenever i try to open ie, its giving a message 'fun.exe has generated an error'.Suggest something.
Fun.exe
- Thread starter ra_sriniketan
- Start date
- Status
Vishal Gupta
Microsoft MVP
Buddy SP3 isnt officially release by Microsoft. Its a version created by some hackers which contains lots of XP updates, themes and a few virus/spyware as a bonus.
Ur system has been infected by virus/spyware. Download "HikackThis" from *www.hijackthis.de/ and scan ur system with it and then post the contents of thye log file here.
Ur system has been infected by virus/spyware. Download "HikackThis" from *www.hijackthis.de/ and scan ur system with it and then post the contents of thye log file here.
OP
ra_sriniketan
In the zone
Heres the log file:
Logfile of HijackThis v1.99.1
Scan saved at 2:44:10 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\SVIQ.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ITFFF1~1.BIT\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bitmserver1.com
O17 - HKLM\Software\..\Telephony: DomainName = bitmserver1.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5FF053-6272-41FB-90BA-E605F0E27C66}: NameServer = 223.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bitmserver1.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NNSvc - Net Nanny Software International, Inc. - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Logfile of HijackThis v1.99.1
Scan saved at 2:44:10 PM, on 7/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\Explorer.exe
C:\WINDOWS\system\Fun.exe
C:\WINDOWS\dc.exe
C:\WINDOWS\SVIQ.EXE
C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\WINDOWS\system32\userinit.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\ITFFF1~1.BIT\LOCALS~1\Temp\Rar$EX00.047\HijackThis.exe
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O3 - Toolbar: pdfMachine - {56CF4856-ECB4-4e46-A897-A378821F97B9} - C:\WINDOWS\system32\bgstb.dll
O4 - HKLM\..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [bgsmsnd.exe] C:\WINDOWS\system32\bgsmsnd.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bitmserver1.com
O17 - HKLM\Software\..\Telephony: DomainName = bitmserver1.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5FF053-6272-41FB-90BA-E605F0E27C66}: NameServer = 223.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bitmserver1.com
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NNSvc - Net Nanny Software International, Inc. - C:\Program Files\Net Nanny\nnsvc.exe
O23 - Service: wampapache - Unknown owner - c:\wamp\apache2\bin\httpd.exe" -k runservice (file missing)
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe
O23 - Service: VNC Server Version 4 (WinVNC4) - Unknown owner - C:\Program Files\RealVNC\VNC4\WinVNC4.exe" -service (file missing)
Vishal Gupta
Microsoft MVP
Buddy ur system has become a BIG restaurant for all virus/spyware. Boot into Safe Mode and fix these:
Code:
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\WinSit.exe
F3 - REG:win.ini: load=C:\WINDOWS\inf\Other.exe
F3 - REG:win.ini: run=C:\WINDOWS\system32\config\Win.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [dc2k5] C:\WINDOWS\SVIQ.EXE
O4 - HKCU\..\Run: [Fun] C:\WINDOWS\system\Fun.exe
O4 - HKCU\..\Run: [dc] C:\WINDOWS\dc.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bitmserver1.com
O17 - HKLM\Software\..\Telephony: DomainName = bitmserver1.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{FA5FF053-6272-41FB-90BA-E605F0E27C66}: NameServer = 223.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bitmserver1.com
rakeshishere
HELP AND SUPPORT
Sab SP3 ki Maya 
OP
ra_sriniketan
In the zone
Could not log into safe mode.Pressed F8 though.Cleared all the files that u have mentioned by using hijackthis in normal mode.But still whenever trying to use any browser to access the internet its giving the same old problems.
rakeshishere
HELP AND SUPPORT
ra_sriniketan said:
Try running CCleaner and Spybot to clear all the JUNK
Quiz_Master
* Teh Flirt King *
Turn off system restore first....
And run a full virus scan, with a fully updated antivirus software..,
Run CCleaner and Spybot as rakesh said and also scan with Ad-Aware.
Do all this in safe mode.
And run a full virus scan, with a fully updated antivirus software..,
Run CCleaner and Spybot as rakesh said and also scan with Ad-Aware.
Do all this in safe mode.
anandk
Distinguished Member
Multiple infections there ! some rather nasty. post ur hjt log at www.hijackthis.de to see the complete picture. u may have to schedule a boottime scan of ur av AND anti-spy to clean up ur pc.
- Status