Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Desktophijack and Trojan.Alemod

Started by dirtybirddaisy , Dec 29 2005 04:57 AM

  • Please log in to reply

#1
dirtybirddaisy
Posted 29 December 2005 - 04:57 AM

dirtybirddaisy

    New Member

  • Member
  • Pip
  • 1 posts
My Norton Antivirus recently found two trojans, Trojan.Desktophijack and Trojan.Alemod, infecting 2 critical Windows files, wininet.dll and oleext.dll. I was unable to clean the files until I found some posts on here dealing with the same issues. After running SmitRem and HijackThis, my antivirus doesn't pick up the trojans, but now when I start up Windows, I have 2 error messages that pop up.

"Windows cannot find **** *****. Make sure you typed the name correctly, then try again. To search for a file, click the start button, then click search."

"Could not load or run **** ***** specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry."

I have gone through the whole "start here" process, and I have 3 scan logs from SmitRem, HijackThis, and Panda Software. If I include these scan logs, can you tell me what is wrong?

Thanks!

Sarah

Logfile of HijackThis v1.99.1
Scan saved at 4:25:04 AM, on 12/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\CTHELPER.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\MMKeybd.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Stardock\TrayServer.exe
C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
C:\Program Files\Creative\ShareDLL\CtNotify.exe
C:\WINDOWS\surfmonkey\smproxy.exe
C:\Program Files\Netropa\OSD.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe
C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe
C:\Program Files\Common Files\AOL\1133756273\ee\AOLSoftware.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Creative\ShareDLL\MediaDet.Exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe
C:\Program Files\EarthLink TotalAccess\TaskPanl.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\MsgSys.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\webshots.scr
C:\Program Files\Sprint DSL virtual assistant\bin\mpbtn.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

http://www.earthlink...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://www.earthlink...ton/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://rd.yahoo.com/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.earthlink.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

http://start.earthlink.net/AL/Search
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://rd.yahoo.com/...com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SrchHook Class - {44F9B173-041C-4825-A9B9-D914BD9DCBB3} - C:\Program

Files\EarthLink TotalAccess\elnIE.dll
R3 - URLSearchHook: (no name) - ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - ~EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
F3 - REG:win.ini: load=??? ??? ??? ? ? ?????
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ElnkScamBHO Class - {15F4D456-5BAA-4076-8486-EECB38CD3E57} - C:\Program

Files\EarthLink TotalAccess\Toolbar\EScamBlk.dll
O2 - BHO: ElnkPubBHO Class - {512ACF1B-64D9-4928-B382-A80556F28DB4} - C:\Program Files\EarthLink

TotalAccess\Toolbar\ElnkPuB.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: IE_PopupBlocker Class - {656EC4B7-072B-4698-B504-2A414C1F0037} - C:\Program

Files\EarthLink TotalAccess\Accelerator\prpl_IePopupBlocker.dll
O2 - BHO: C:\WINDOWS\system32\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} -

C:\WINDOWS\system32\adsldpbe.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program

Files\AOL\AOL Toolbar 3.0\aoltb.dll
O2 - BHO: blank - {826B2228-BC09-49F2-B5F8-42CE26B1B712} - blank (file missing)
O2 - BHO: My Web Search Bar BHO - {8EAB99C1-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program

Files\MyWebSearchWB\bar\1.bin\W6BAR.DLL
O2 - BHO: ElnkProtectionBHO Class - {9579D574-D4D8-4335-9560-FE8641A013BD} - C:\Program

Files\EarthLink TotalAccess\Toolbar\ProtctIE.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program

files\google\googletoolbar1.dll
O2 - BHO: ElnkLegacyUninstBHO Class - {E713904C-DF05-4C79-BBAD-02DB923253BE} - C:\Program

Files\EarthLink TotalAccess\Toolbar\uninsttb.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft

Money\System\mnyviewer.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program

files\google\googletoolbar1.dll
O3 - Toolbar: EarthLink Toolbar - {C7768536-96F8-4001-B1A2-90EE21279187} - C:\Program Files\EarthLink

TotalAccess\Toolbar\Toolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL

Toolbar 3.0\aoltb.dll
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Taskbar Service] taskbar.svc
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft

Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\MMKeybd.exe
O4 - HKLM\..\Run: [Backup Service] backup.svc
O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [1A:Stardock TrayMonitor] "C:\Program Files\Common Files\Stardock\TrayServer.exe"
O4 - HKLM\..\Run: [SprintDSLSetup] D:\installs\BrdJmp\SprintDSLSetup.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SPRINT~1\SMARTB~1\SprintDSLAlert.exe
O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [ELNKProxy] C:\WINDOWS\surfmonkey\smproxy.exe
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPMon32.exe"
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\EarthLink TotalAccess\FastLane2\IPClient.exe" -l
O4 - HKLM\..\Run: [links] links.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1133756273\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.Exe -boot
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US

ee://aol/imApp
O4 - HKCU\..\Run: [PlaxoUpdate] C:\Program Files\Plaxo\2.5.10.17\PlaxoHelper.exe -a
O4 - HKCU\..\Run: [E6TaskPanel] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" -winstart
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat

7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Sprint DSL virtual assistant.lnk = C:\Program Files\Sprint DSL virtual

assistant\bin\matcli.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar

3.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program

files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program

files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program

files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program

files\google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL

Toolbar 3.0\aoltb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program

Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm (file

missing)
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} -

C:\WINDOWS\web\related.htm (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} -

C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft

Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\MSMSGS.EXE
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} -

C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .asx: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npdsplay.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: ppctlcab - http://ppupdates.ca....er/ppctlcab.cab
O16 - DPF: YExplorer1_8US.CAB - http://photos.groups...plorer1_8us.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program

Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} -

http://esupport.aol....oach_core_1.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) -

http://upload.facebo...otoUploader.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -

http://update.micros...b?1135842535514
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} -

https://echat.us.del...t/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoft...free/asinst.cab
O18 - Filter: text/html - (no CLSID) - (no file)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: gs - C:\WINDOWS\adsldpbd.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\q10605843.dll (file missing)
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner -

C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EarthLink Monitor Service (EarthLinkMonitor) - Boingo Wireless, Inc. - C:\Program

Files\EarthLink TotalAccess\WENGINE\wmonitor.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. -

C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program

Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation -

C:\WINDOWS\System32\nvsvc32.exe

___________________________________________________________________________________


Panda ActiveScan

Incident Status Location

Adware:Adware/Miamore Not disinfected C:\WINDOWS\system32\adsldpbe.dll
Spyware:spyware/new.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\Sarah\Application Data\Lycos
Adware:adware/blazefind Not disinfected Windows Registry
Dialer:Dialer.EXV Not disinfected C:\Documents and Settings\Sarah\Local Settings\Temp\khgkppmd.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc10.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc11.exe
Dialer:Dialer.BEW Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc12\connect[1][connect[1]]
Dialer:Dialer.NO Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc13\gdnUS250[1].exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc14.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc15.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc16.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc17.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc18.exe
Adware:Adware/Miamore Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc19.log
Adware:Adware/Coupons Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc2.ocx
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc4.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc5.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc6.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc8.exe
Dialer:Dialer.EXV Not disinfected C:\RECYCLER\S-1-5-21-1729697498-2020637620-97400744-1006\Dc9.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.10\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.11\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.2\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.3\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.4\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.5\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.6\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.7\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.8\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.9\gdnUS250.exe
Dialer:Dialer.NO Not disinfected C:\WINDOWS\Downloaded Program Files\gdnUS250.exe
_________________________________________________________________________________________


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Thu 12/29/2005
The current time is: 4:27:06.64

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 1360 'explorer.exe'
Killing PID 1360 'explorer.exe'
Killing PID 1360 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :tazz:
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP