
still can't remove trojan adware.32.exprdwnldr



#1
Havokboix

Hey guys,

I tried to follow the instructions on how to remove from this forum but it's still here.

Here is the HijackThis file and Panda scan. Can someone please help me out?
Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:22:00 AM, on 2/27/2008
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\msiconf.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\efi\server\eficamx_runtime\eficamx.exe
D:\efi\server\system\winsnmpd.exe
C:\WINNT\system32\wuauclt.exe
D:\efi\server\system\ipp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: Ask Search Assistant BHO - {0A94B111-4504-4e26-AB05-E61E474AA38B} - C:\Program Files\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {F12DC8C6-4ECC-44FF-A7F1-715061FCB7A4} - C:\WINNT\system32\cmuti.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [AdobeVersionCue] C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [MSI Configuration] msiconf.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Command WorkStation 4.lnk = C:\Program Files\Fiery\Command WorkStation 4\CWS 4.exe
O4 - Global Startup: Fiery Spark Professional 2.0.lnk = D:\efi\server\system\tbicon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PalStart.lnk = C:\Program Files\Paltalk Messenger\palstart.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - http://edits.mywebse...?p=ZJxdm027YYCA
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\Program Files\Paltalk Messenger\Paltalk.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...p1.0.0.15-3.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.c...ntr_current.cab
O16 - DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} (WXcom Class) - http://us.dl1.yimg.c...ntr_current.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer = 86.64.145.143
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Program Files\Adobe\Adobe Version Cue\service\VersionCue.exe
O23 - Service: Apache (apache) - Unknown owner - D:\efi\server\httpd\apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINNT\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINNT\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EFI Bootp Client (EFI_BOOTPC) - Unknown owner - D:\efi\server\system\bootpc.exe
O23 - Service: EFI Fiery (efi_fiery) - Unknown owner - D:\efi\server\system\sp.exe
O23 - Service: EFI IPP Server (efi_ipp) - Unknown owner - D:\efi\server\system\ipp.exe
O23 - Service: EFI SNMPD (EFI_SNMP) - Unknown owner - D:\efi\server\system\winsnmpd.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: Msfsnt - Logitech Inc. - C:\WINNT\system32\drivers\lvcodek.sys
O23 - Service: Symantec Ghost Database Service (ngdbserv) - Symantec Corporation - C:\Program Files\Symantec\Ghost\bin\dbserv.exe
O23 - Service: Symantec Ghost Configuration Server (NGServer) - Symantec Corporation - C:\Program Files\Symantec\Ghost\ngserver.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 10365 bytes



Incident Status Location

Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@247realmedia[2].txt
Spyware:Cookie/7search Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@7search[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adrevolver[2].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@adtech[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@atwola[1].txt
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bfast[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@burstnet[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@casalemedia[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@cgi-bin[1].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@clickbank[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@com[1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@did-it[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@go[1].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@mediaplex[1].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@mysearch[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@overture[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@realmedia[2].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@revenue[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@serving-sys[2].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@statcounter[1].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@toplist[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep [email protected][1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@xiti[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Hiep Le\Cookies\hiep le@zedo[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@atdmt[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@bluestreak[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@casalemedia[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Hiep Le\Local Settings\Temp\Cookies\hiep le@tribalfusion[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@888[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@adrevolver[3].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@adtech[2].txt
Spyware:Cookie/AdvancedCleaner Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@advancedcleaner[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@apmebf[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@atdmt[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@atwola[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@bluestreak[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@bravenet[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@cassava[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@doubleclick[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@findwhat[1].txt
Spyware:Cookie/Comclick Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep [email protected][2].txt
Spyware:Cookie/Mysearch Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@mysearch[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@questionmarket[2].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@toplist[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@xiti[1].txt
Spyware:Cookie/PrivacyGuard Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Cookies\hiep le@yourprivacyguard[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\Process.exe
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\Reboot.exe
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix\restart.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Virus:Trj/Rebooter.J Disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/Reboot.exe]
Potentially unwanted tool:Application/SuperFast Not disinfected C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix.zip[SmitfraudFix/restart.exe]
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
Virus:Generic Malware Disinfected C:\Program Files\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
Potentially unwanted tool:Application/Processor Not disinfected C:\SDFix\apps\Process.exe
Hacktool:Rootkit/Nuwar.MS Not disinfected C:\SDFix\backups\backups.zip[backups/bldy2def-18b0.sys]
Potentially unwanted tool:Application/Processor Not disinfected C:\WINNT\system32\Process.exe
Possible Virus. Not disinfected D:\MEP_PUBLIC\MEP_2000\davidsart\x-men\x-men\yahoo_dinerdash2_tm5-3.exe[dinerdash2.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Software\AntiVirus-Adware_Spyware\Remove-Infected-With-Spyware\Print Your Photos Online.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected D:\Software\AntiVirus-Adware_Spyware\Remove-Infected-With-Spyware\smitRem\Process.exe





#2
Havokboix

Here is the smit too.

SmitFraudFix v2.296

Scan done at 23:29:08.82, Tue 02/26/2008
Run from C:\Documents and Settings\Hiep Le.MAIN\Desktop\SmitfraudFix
OS: Microsoft Windows 2000 [Version 5.00.2195] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\Ati2evxx.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Symantec\Ghost\ngserver.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Symantec\Ghost\bin\dbserv.exe
C:\WINNT\system32\Ati2evxx.exe
C:\Program Files\Symantec\Ghost\bin\rteng7.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\WINNT\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\PROGRA~1\HEWLET~1\HPSHAR~1\hpgs2wnf.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\msiconf.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\AcroDist.exe
C:\Program Files\Paltalk Messenger\palstart.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
D:\efi\server\eficamx_runtime\eficamx.exe
D:\efi\server\system\winsnmpd.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINNT\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hiep Le.MAIN


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Hiep Le.MAIN\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HIEPLE~1.MAI\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Marvell Gigabit Ethernet Controller
DNS Server Search Order: 192.168.0.1

Description: Marvell Gigabit Ethernet Controller
DNS Server Search Order: 86.64.145.143

HKLM\SYSTEM\CCS\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CCS\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CS1\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{4F32BC4D-FF47-465B-8658-BE2D718011B6}: NameServer=86.64.145.143
HKLM\SYSTEM\CS2\Services\Tcpip\..\{CC7D939D-D3F4-4DC0-979F-B8484CBE15C7}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End