still can't remove trojan adware.32.exprdwnldr
Feb 27 2008, 01:24 PM
Post #1
New Member, Posts: 2, OS: windows 2000
I tried to follow the instructions on how to remove from this forum but it's still here. Here is the hijack file and pandascan. Can someone please help me out? Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:00 AM, on 2/27/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\msiconf.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\efi\server\eficamx_runtime\eficamx.exe
D:\efi\server\system\winsnmpd.exe
C:\WINNT\system32\wuauclt.exe
D:\efi\server\system\ipp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F12DC8C6-4ECC-44FF-A7F1-715061FCB7A4} - C:\WINNT\system32\cmuti.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Command WorkStation 4.lnk = C:\Program Files\Fiery\Command WorkStation 4\CWS 4.exe
O4 - Global Startup: Fiery Spark Professional 2.0.lnk = D:\efi\server\system\tbicon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/...?p=ZJxdm027YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.com/download.yahoo.com/...ntr_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer = 86.64.145.143
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache (apache) - Unknown owner - D:\efi\server\httpd\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EFI Bootp Client (EFI_BOOTPC) - Unknown owner - D:\efi\server\system\bootpc.exe
O23 - Service: EFI Fiery (efi_fiery) - Unknown owner - D:\efi\server\system\sp.exe
O23 - Service: EFI IPP Server (efi_ipp) - Unknown owner - D:\efi\server\system\ipp.exe
O23 - Service: EFI SNMPD (EFI_SNMP) - Unknown owner - D:\efi\server\system\winsnmpd.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Msfsnt - Logitech Inc. - C:\WINNT\system32\drivers\lvcodek.sys
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10365 bytes

Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@247realmedia[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@7search[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@ads.pointroll[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bs.serving-sys[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@casalemedia[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@cgi-bin[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@citi.bridgetrack[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@ehg-dig.hitbox[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@ehg.hitbox[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@i.screensavers[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@mediaplex[1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@mysearch[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@perf.overture[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@phg.hitbox[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@searchportal.information[2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@server.iad.liveperson[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@stat.onestat[2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@statse.webtrendslive[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@www.burstbeacon[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@www.myaffiliateprogram[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@ad.yieldmanager[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@casalemedia[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@tribalfusion[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@888[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@adrevolver[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@adtech[2].txt
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@advancedcleaner[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@bravenet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@findwhat[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@fl01.ct2.comclick[2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@mysearch[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@toplist[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@xiti[1].txt
Spyware:Cookie/PrivacyGuard Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@yourprivacyguard[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Virus:Generic Malware Disinfected C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Hacktool:Rootkit/Nuwar.MS Not disinfected C:\SDFix\backups\backups.zip[backups/bldy2def-18b0.sys]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Possible Virus. Not disinfected D:\MEP_PUBLIC\MEP_2000\davidsart\x-men\x-men\yahoo_dinerdash2_tm5-3.exe[dinerdash2.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Software\AntiVirus-Adware_Spyware\Remove-Infected-With-Spyware\Print Your Photos Online.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Software\AntiVirus-Adware_Spyware\Remove-Infected-With-Spyware\smitRem\Process.exe
Feb 27 2008, 01:25 PM
Post #2
New Member, Posts: 2, OS: windows 2000
Here is the smit too.

SmitFraudFix v2.296

Scan done at 23:29:08.82, Tue 02/26/2008
Run from C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\msiconf.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\AcroDist.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\efi\server\eficamx_runtime\eficamx.exe
D:\efi\server\system\winsnmpd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hiep Le.MAIN

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hiep Le.MAIN\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HIEPLE~1.MAI\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic Code: S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Gigabit Ethernet Controller
DNS Server Search Order: 192.168.0.1

Description: Marvell Gigabit Ethernet Controller
DNS Server Search Order: 86.64.145.143

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End