Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PLEASE HELP ME GET RID OF THIS VIRUS ASAP

Started by Hot-And-Single , Apr 19 2005 04:49 PM

  • Please log in to reply

#1
Hot-And-Single
Posted 19 April 2005 - 04:49 PM

Hot-And-Single

    New Member

  • Member
  • Pip
  • 9 posts
:tazz: I have This Virus The trojan-spy.fruad.c
it happened a couple of nights ago
i tried ti get rid of it using all different kinds of pyware removers anto spyware adware remover and all the things you said to do before asking for help it didn't pick up on anything.
So if you could help me out and tell me whats wrong how this happened and how to fix it thank you
here is my highjackthis logfileLogfile of HijackThis v1.99.1
Scan saved at 6:53:52 PM, on 4/19/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v5.00 (5.00.2919.6304)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\QTTASK.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
C:\TEMP\SALM.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLIKEEP.EXE
C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
C:\NKARCB.EXE
C:\WINDOWS\LOADQM.EXE
C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NSCHED32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\QUICKTIME\QUICKTIMEPLAYER.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=33464
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\Y6ENG8~1.DLL
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [hqdkj] C:\WINDOWS\hqdkj.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [CacheLoader] C:\WINDOWS\ML.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE
O4 - Startup: Data LifeGuard LifeLine Lite installer.lnk = ?
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe
O4 - Startup: BitDefender Live!.lnk = C:\WINDOWS\bdonlinescan\avxlive.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk144YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O15 - Trusted Zone: *.greg-search.com
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/...::/ieloader.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...activex/mp3.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_1002535.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefend...bitdefender.cab

Edited by Hot-And-Single, 19 April 2005 - 04:58 PM.

  • 0

Advertisements

#2
Hot-And-Single
Posted 27 April 2005 - 02:32 PM

Hot-And-Single

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi

could somone please help me its been a week now and still haven't heard fromm any one


so can somone please help me



thankyou
  • 0

#3
Metallica
Posted 08 June 2005 - 05:44 AM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid

Exit Add/Remove Programs.

*Click here and download Killbox by Option^Explicit.
*Extract the program to your desktop and double-click on its folder, then double-click on Killbox.exe to start the program.
*In the killbox program, select the Delete on Reboot option.
*Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\WINDOWS\sites.ini
C:\WINDOWS\popuper.exe
C:\WINDOWS\system32\hhk.dll
C:\WINDOWS\System32\helper.exe
C:\WINDOWS\System32\intmonp.exe
C:\WINDOWS\System32\msmsgs.exe
C:\WINDOWS\System32\ole32vbs.exe
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\System32\shnlog.exe
C:\WINDOWS\System32\intmon.exe
C:\WINDOWS\System32\msmsgs.exe
C:\PROGRAM FILES\ISTSVC\ISTSVC.EXE
C:\WINDOWS\DNSCLEANER.EXE
C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE

*Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
*Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

*IMPORTANT* Be sure you know how to VIEW HIDDEN FILES

Using Windows Explorer, delete the following (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

Reboot into normal mode.

A registry file to undo most of the changes is available here:
http://metallica.gee...m/smitfraud.reg
Doubleclick that file and confirm you want to merge it with the registry.

1.) Download the Hoster from HERE Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Download: http://www.mvps.org/.../DelDomains.inf
To use: right-click and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Download and run CWShredder from:
http://www.intermute...r_download.html
Use the Fix button.

Check the items listed below in HijackThis, close all windows except HijackThis and click Fix checked:

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://letgohome.com/sp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://letgohome.com/sp.htm?id=33464
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://letgohome.com/hp.htm?id=33464
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://letgohome.com/sp.htm?id=33464
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
R3 - URLSearchHook: (no name) - {CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - C:\PROGRAM FILES\SURFSIDEKICK 2\SSKBHO.DLL
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\SYSTEM\Y6ENG8~1.DLL

O4 - HKLM\..\Run: [Admilli Service] C:\PROGRAM FILES\ADMILLI SERVICE\ADMILLISERV.EXE
O4 - HKLM\..\Run: [salm] c:\temp\salm.exe
O4 - HKLM\..\Run: [hqdkj] C:\WINDOWS\hqdkj.exe
O4 - HKLM\..\Run: [Control handler] C:\WINDOWS\SYSTEM\RD81N38L17OTHD.EXE
O4 - HKLM\..\Run: [¢‰¸ï0 4Ã4}¤Áœ5]C:\Program Files\ISTsvc\istsvc.exe] C:\NKARCB.EXE

O4 - HKLM\..\Run: [dnscleaner] C:\WINDOWS\DNSCLEANER.EXE
O4 - HKLM\..\Run: [CacheLoader] C:\WINDOWS\ML.EXE
O4 - HKLM\..\Run: [Security iGuard] C:\PROGRAM FILES\SECURITY IGUARD\SECURITY IGUARD.EXE

O4 - HKLM\..\Run: [IST Service] \ISTsvc\istsvc.exe

O4 - HKCU\..\Run: [romahere3] C:\WINDOWS\SYSTEM\HZLZVNOR7M8NI5.EXE

O4 - HKCU\..\Run: [WindowsFY] C:\WP.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsear...?p=ZNxmk144YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\PROGRAM FILES\SIDEFIND\SIDEFIND.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {81CD8DA0-86A8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60033F00-88F9-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {93D0A3A0-89CF-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {40811CA0-8A8F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1E98FB00-8B5A-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2CEBD1E0-8C1E-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9293B8C0-8CEE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {60A20B00-8F23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C7F7240-8F43-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D25FAC0-90BD-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ABCB5F40-919F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D162C5C0-925F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {995328C0-93E8-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8DF522A0-93FA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {26C10CA0-94CE-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6E169A40-9652-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {22555540-9717-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {09B605A0-97E1-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {FAEA89E0-996D-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {B0949280-9A23-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {52C5F920-9A44-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {84128660-9BB6-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7A53BA80-9DFB-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {916CDFA0-9E3F-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {805FE5E0-9FAC-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7871A120-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {79969920-A2EA-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {74792200-A443-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F778E100-A519-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EA3E4040-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {ED20C6C0-A66B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F1264E00-AB90-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {D8360920-AC63-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BAD8A720-AD2B-11D9-B5F7-0001292382D8} - (no file) (HKCU)

O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c11.cab
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://greg-tut.com/...::/ieloader.exe
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topcon...activex/mp3.ocx
O16 - DPF: {771A1334-6B08-4A6B-AEDC-CF994BA2CEBE} (Installer Class) - http://www.ysbweb.co...ysb_1002535.cab
O16 - DPF: {9B4AA442-9EBF-11D5-8C11-0050DA4957F5} - http://www.xs4all.nl/~kuhljf/nl.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...up1.0.0.8-2.cab

Reboot into safe mode and delete:
C:\PROGRAM FILES\ADMILLI SERVICE <= entire folder
C:\PROGRAM FILES\ISTSVC <= entire folder

Post a new log when you are done. I'm afraid there will be more to do.

Regards,
  • 0

#4
Hot-And-Single
Posted 12 June 2005 - 10:41 AM

Hot-And-Single

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thanks so much i've been waitin gfor tha longest time heres my new highjack this log


Logfile of HijackThis v1.99.1
Scan saved at 12:49:19 PM, on 6/12/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\E_S4I2D1.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCK.EXE
C:\WINAMP.EXE
C:\PROGRAM FILES\MEDIA ACCESS\MEDIAACCESS.EXE
C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\CARPSERV.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DWLBVHC.EXE
C:\WINDOWS\CALC.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [EPSON Stylus C84 Series] C:\WINDOWS\SYSTEM\E_S4I2D1.EXE /P23 "EPSON Stylus C84 Series" /O5 "LPT1:" /M "Stylus C84"
O4 - HKLM\..\Run: [RegShave] C:\Progra~1\REGSHAVE\REGSHAVE.EXE /autorun
O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINAMP.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] C:\WINDOWS\SYSTEM\mstask.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE" /background
O4 - Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe
O4 - Startup: CorelCENTRAL Alarms.LNK = C:\Program Files\Corel\Print Office 2000\CorelCENTRAL\Programs\alarm.exe
O4 - Startup: Norton Program Scheduler.lnk = C:\Program Files\Norton AntiVirus\NSCHED32.EXE
  • 0

#5
Metallica
Posted 12 June 2005 - 01:50 PM

Metallica

    Spyware Veteran

  • GeekU Moderator
  • 33,101 posts
Check the following items in HijackThis.
Close all windows except HijackThis and click Fix checked:

O4 - HKLM\..\Run: [Media Access] C:\PROGRAM FILES\MEDIA ACCESS\MediaAccK.exe
O4 - HKLM\..\Run: [JVM0.14] C:\WINAMP.EXE
O4 - HKLM\..\Run: [P2P NETWORKING] C:\WINDOWS\SYSTEM\P2P NETWORKING\P2P NETWORKING.EXE /AUTOSTART
O4 - HKLM\..\Run: [KAZAA] C:\Program Files\Kazaa\kazaa.exe /SYSTRAY

Reboot into safe mode and delete:
C:\PROGRAM FILES\MEDIA ACCESS <= entire folder
C:\WINAMP.EXE <= only the winamp.exe in that folder

Reboot to normal and post a new log.

Regards,
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP