
i need help to get rid of this virus


  • This topic is locked

#1
computersrstupid

computersrstupid

    Member

  • Member
  • PipPip
  • 20 posts
I have a FRICKN virus but i can't FRICKN get rid of it it FRICKN happened last frickn night it came up as a blue frickn screen background and i can't frickn change it because under frickn active frickn desktop it frickn doesn't frickn have frickn backgrounds and a few frickn other frickn tabs are frickn missing well the blue frickn screen said
security warning
A frickn fatal errror ie has frickn occured at 0028:c0011e36 in vxd wmm (01)+
00010e36.error was caused by dumbass trojan-spy.html.smitfraud.c
*system cannot frickn function in normal mode
please check security settings.
scan your pc with any available antivirus/spyware remover program to fix the problem.i've tried all different kinds of ant virus spyware remover .but nothing detected its still on there here is my log .fix your [bleep] computer [bleep].i mean what the flip can you tell me what this all means and tell me what to do to fix it
Logfile of HijackThis v1.99.1
Scan saved at 5:47:50 PM, on 4/17/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
SAASddDDDADDDDDDDAY

C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\TEMP\SALM.EXE
C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
C:\WP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\NKARCB.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=33464
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\Y6ENG8~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [hqdkj] C:\WINDOWS\hqdkj.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
O4 - HKLM\..\Run: [‰0 44}œ5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [CacheLoader] C:\WINDOWS\ML.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = ?
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe
O4 - Startup: BitDefender Live!.lnk = C:\WINDOWS\bdonlinescan\avxlive.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk144YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/...::/ieloader.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...activex/mp3.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_1002535.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba....0/0006_mp3.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
sTUPID [bleep] COMPUTER IS SO STUPID [bleep] I WANT IT FIXED PLEASE HELP ME I NEED HELLP [bleep] SAKES!!I MEAN THAT S BULL SHIZZLE

PLEASE HELP ME!!!!!!! I'VE BEEN [bleep]N WAITING FOR A [bleep]N ANSWER FOR A DAY AND I'VE TRIED EVERYTHING I CAN THINK OF!!!!!!! AND I'VE TRIED THIS AND THIS IS STUPID CUZ NOBODY HAS [bleep]IN REPLIED YET BUT THEY REPLY TO OTHER PPL WHO POSTED IT TODAY [bleep]N [bleep] AND I POSTED MINE YESTERDAY GOD [bleep] I WANT SOME SERVICE!!!!!! JUST KIDDING BUT PLZ HELP ME I KNOW YOU ARE BUSY BUT PLEASE PICK ME!!!! PLEASE PICK ME PLEASE I NEED HELP [bleep]. I NEED SOME ASSISTANCE SO IF YOU COULD FIND IT IN YOUR HEARTS TO HELP I THINK I'D BE QUITE HAPPY. THANK YOU FOR YOUR TIME.

Edited by computersrstupid, 18 April 2005 - 05:39 PM.

  • 0


#2
computersrstupid

computersrstupid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
PLease help me get rid of this virus i've tried everything you said the cw shredder
-avg thing
-spyware removers
-anti virus
-spybot
-ad ware removers
it hasn't picked it up i have a blue screen for a background and i can't change it it says
an error has occured at 0028:C0011E36 in vxd
wmm (01)+
00130e36.error was caused by trojan-spy.html.smitfraud.c
*sytem cannot operate in normal mode
please check security settings
scan your pc with any antivirus/spyware remover to fix the problem .
I've tried everything can you please help?
HERE IS MY HIGH JACK THIS LOG BOOK
Logfile of HijackThis v1.99.1
Scan saved at 8:04:48 PM, on 4/18/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\TEMP\SALM.EXE
C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
C:\NKARCB.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WP.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\STOP.00009_4.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=33464
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\Y6ENG8~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [hqdkj] C:\WINDOWS\hqdkj.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
O4 - HKLM\..\Run: [‰0 44}œ5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [CacheLoader] C:\WINDOWS\ML.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = ?
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe
O4 - Startup: BitDefender Live!.lnk = C:\WINDOWS\bdonlinescan\avxlive.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk144YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/...::/ieloader.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...activex/mp3.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_1002535.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba....0/0006_mp3.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab
  • 0
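The two logs posted above were taken a day apart, and comparing them entry by entry shows what changed between scans. The following is an added example, not part of the original thread and not HijackThis's own code: it parses a HijackThis log into running processes and coded entries, diffs two scans, and lists the hosts that the R0/R1 browser settings point to. The sample logs are short excerpts of the two posts; the function names are this example's own.

```python
import re
from urllib.parse import urlparse

# A coded entry looks like "R1 - ...", "O4 - ...", "O16 - ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# A running-process line is a full path starting with a drive letter.
PATH_RE = re.compile(r"^[A-Za-z]:\\")

# Excerpts of the two logs posted above (scans of 4/17/05 and 4/18/05),
# trimmed to a few lines each for this example.
LOG_FIRST = r"""Logfile of HijackThis v1.99.1
Scan saved at 5:47:50 PM, on 4/17/05

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
SAASddDDDADDDDDDDAY

C:\TEMP\SALM.EXE
C:\WP.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O15 - Trusted Zone: *.greg-search.com
"""

LOG_SECOND = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:04:48 PM, on 4/18/05

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\TEMP\SALM.EXE
C:\WP.EXE
C:\WINDOWS\STOP.00009_4.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O15 - Trusted Zone: *.greg-search.com
"""


def parse_log(text):
    """Return (processes, entries) from a pasted HijackThis log.

    processes: set of upper-cased paths from the "Running processes" block.
    entries:   set of (code, body) tuples such as ("O4", "HKLM\\..\\Run: ...").
    Lines that are neither (stray text typed into the paste, blank lines,
    the header) are ignored instead of ending the process block early.
    """
    processes, entries = set(), set()
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False          # first coded entry ends the block
            entries.add((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes and PATH_RE.match(line):
            processes.add(line.upper())   # Win9x logs mix upper and lower case
    return processes, entries


def diff_logs(old_text, new_text):
    """Compare two scans and report what appeared or disappeared."""
    old_p, old_e = parse_log(old_text)
    new_p, new_e = parse_log(new_text)
    return {
        "processes_added": sorted(new_p - old_p),
        "processes_removed": sorted(old_p - new_p),
        "entries_added": sorted(new_e - old_e),
        "entries_removed": sorted(old_e - new_e),
    }


def browser_hosts(entries):
    """Hosts that the R0/R1 (IE start and search page) entries point to."""
    hosts = set()
    for code, body in entries:
        if code in ("R0", "R1") and " = " in body:
            host = urlparse(body.split(" = ", 1)[1].strip()).hostname
            if host:
                hosts.add(host)
    return sorted(hosts)


if __name__ == "__main__":
    for key, values in diff_logs(LOG_FIRST, LOG_SECOND).items():
        print(key, values)
    print("R0/R1 hosts:", browser_hosts(parse_log(LOG_SECOND)[1]))
```

Run against a follow-up scan made after a fix, the same diff shows whether the entries that were checked and fixed stayed out of the log.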

#3
computersrstupid

computersrstupid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
HI

i still haven't had any help yet and i'd really like some help i'm getting frustrated trying to get rid of this stupid thing so anybody can you help me
And i don't know what to do :tazz: and it's making me mad so can someone please help me when they get a chance
  • 0

#4
computersrstupid

computersrstupid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
PLEASE HELP ME !!!!!!!!!!! ITS MESSING UP MY COMPUTER
AND MAKING ME MAD ;) HELP ME PLEASE
PLEASE
ANYONE CAN ANYONE HELP ME ;) :tazz:
I NEED HELP PLEASE PLEASE HELP ME
PLEASE
PLEASE
PLEASE???????????????
  • 0

#5
computersrstupid

computersrstupid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
WHY WON'T ANY ONE HELP ME???????????
PLEASE I WOULD LIKE TO USE MY COMPUTER AND THIS STUPID VIRUS IS [bleep] EVERYTHING UP!
UHHHHHHHH
I'LL JUST FIGURE IT OUT MYSELF
I DON'T CARE IF I MESS EVERYTHING UP AT LEAST I'VE TRIED
I JUST DON'T CARE ANYMORE I'VE HAD THIS STUPID THING FOR 4 [bleep] DAYS NOW [bleep] SAKES AND AT THIS RATE BY THE TIME YOU ANSWER ME IT WILL PROBABLY BE TOO [bleep] UP TO FIX!!!!!!!!
  • 0

#6
computersrstupid

computersrstupid

    Member

  • Topic Starter
  • Member
  • PipPip
  • 20 posts
NEVER MIND THAT LAST REPLY I'M JUST REALLY TIRED TRYING TO GET THIS FIXED ITS PISSING ME OFF
BUT CAN ANYONE HELP ME I MEAN ANYONE
I DON'T CARE WHO ;)
IF I DON'T GET HELP SOON THOUGH I THINK I'M GOING TO HAVE TO SURRENDER :tazz: AND GET AN EXPERT TO COME HERE AND LOOK AT IT EVEN THOUGH I DON'T WANT TO PAY THAT KIND OF MONEY
BUT IF IT'LL GET THIS VIRUS OUT THEN I WILL
BUT PLEASE HELP ME BEFORE I HAVE TO DO THAT
PLEASE
PLEASE


PLEASE PLEASE PLEASE
I'M DESPERATE

PLEASE
HELP ME PLEASE!!!!!!!!!!!!!!!!!!!!!!!!!
  • 0

#7
randomness

    New Member

  • Member
  • 2 posts
i got the same virus just 20 min ago...n thank god i have XP professional, i recovered my computer...a method i wasn't even sure of.. but it worked, the blue screen went away and everything was back to normal. but i dunno if window 98me have this option. you could try to find it in your control panel.
  • 0

#8
computersrstupid

  • Topic Starter
  • Member
  • 20 posts
HI


its been two days now and i still haven't had anyone help me

can you please help me i've already tried everything you suggested

i'd really like my computer to be back to normal soon


thank you in advance


SARA




Be patient, we're VERY busy here, someone will help you eventually

-Avohir

Edited by Avohir, 19 April 2005 - 02:54 PM.

  • 0

#9
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=33464
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\Y6ENG8~1.DLL
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [hqdkj] C:\WINDOWS\hqdkj.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [CacheLoader] C:\WINDOWS\ML.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/...::/ieloader.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...activex/mp3.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_1002535.cab
O16 - DPF: {7C559105-9ECF-42B8-B3F7-832E75EDD959} (Installer Class) - http://www.xxxtoolba....0/0006_mp3.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\PROGRAM FILES\ADMILLI SERVICE <-- folder
c:\temp\salm.exe
C:\WINDOWS\hqdkj.exe
C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
C:\NKARCB.EXE
C:\Program Files\ISTsvc <-- folder
C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
C:\WP.EXE

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.
  • 0
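A cross-check for the two lists in the post above, as an added example that is not part of the original thread: it parses HijackThis entries, extracts the file each O4 autorun points to, and reports targets that the manual deletion list does not cover, meaning the registry entry is fixed but the file stays on disk. The regular expressions and function names are this example's own assumptions about the log format, not HijackThis code; the sample lines are copied from the post.

```python
import re

# One HijackThis entry: "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
# O4 registry autorun body. The value name may itself contain "]", so the
# name is matched lazily up to the first "] " (bracket followed by a space).
O4_RE = re.compile(r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
                   r"\[(?P<name>.*?)\] (?P<command>.+)$")
# Executable part of a command line: optional quotes, Win9x paths with spaces.
TARGET_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|bat|scr))"?(?:\s|$)', re.I)


def parse_log(text):
    """Return a list of (section, body) tuples; non-entry lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def autoruns(entries):
    """Return dicts (hive, key, name, command, target) for O4 registry entries."""
    found = []
    for section, body in entries:
        m = O4_RE.match(body) if section == "O4" else None
        if not m:
            continue
        t = TARGET_RE.match(m.group("command"))
        target = t.group("path") if t else m.group("command")
        found.append({**m.groupdict(), "target": target})
    return found


def left_on_disk(autorun_list, deleted_paths):
    """Autorun targets not equal to, or inside, any path on the deletion list."""
    deleted = [p.rstrip("\\").lower() for p in deleted_paths]
    def covered(target):
        t = target.lower()
        return any(t == d or t.startswith(d + "\\") for d in deleted)
    return [a["target"] for a in autorun_list if not covered(a["target"])]


# Sample input: lines copied from the fix list and deletion list in the post.
FIX_LIST = r"""
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [0 44}5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
"""
DELETE_LIST = [r"C:\PROGRAM FILES\ADMILLI SERVICE", r"C:\NKARCB.EXE", r"C:\WP.EXE"]

if __name__ == "__main__":
    runs = autoruns(parse_log(FIX_LIST))
    for target in left_on_disk(runs, DELETE_LIST):
        print("registry entry fixed, file not on deletion list:", target)
```

Folder entries on the deletion list cover every file beneath them, and the comparison is case-insensitive because the log mixes upper- and lower-case paths.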

#10
computersrstupid

  • Topic Starter
  • Member
  • 20 posts
okay i did everything you said i deleted all the files
but that blue screen that says
security warning an error has occured at 0028:c0011e36 in vxd vmm(01)+
0010e36.error was caused by trojan-spy.html.smitfraud.c
then it tells me to use a anti virus or spyware remover and that it can't go in normal mode thats still there
here is my log

Logfile of HijackThis v1.99.1
Scan saved at 7:16:17 PM, on 4/20/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\FINEPIXVIEWER\QUICKDCF.EXE
C:\PROGRAM FILES\ULEAD SYSTEMS\ULEAD PHOTO EXPRESS 2 SE\CALCHECK.EXE
C:\PROGRAM FILES\COREL\PRINT OFFICE 2000\CORELCENTRAL\PROGRAMS\ALARM.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = ?
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
  • 0

#11
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
Click here to download eScan's mwav application. Double-click it to run it, select all local drives, scan all files, press 'scan' and when it is completed, anything found will be displayed in the lower pane. Highlight it, CTRL C and paste it in your next reply.
  • 0

#12
computersrstupid

  • Topic Starter
  • Member
  • 20 posts
HI THANKS FOR ALL YOUR HELP I GOT RID OF THE VIRUS

BY DELETING THE FILES THAT SAID WERE INFECTED WITH THE TROJAN VIRUS AND IT WENT AWAY I WOULD HAVE REPLIED SOONER BUT I DELETED SOMETHING I SHOULDN'T HAVE AND HAD TO FIX THAT
SO IT'S ALL OKAY NOW THANKS AGAIN FOR ALL YOUR HELP
  • 0

#13
Daemon

    Security Expert

  • Retired Staff
  • 4,356 posts
  • MVP
You're welcome - glad to help :tazz:

To help keep you clean follow the recommendations in Tony's article here:

So how did I get infected in the first place?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.
  • 0





