Contracted Spysheriff Please Help

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
I contracted spysheriff, and, after browsing this site, it recommended I did not try to fix it myself. I have taken care of the background through help posted on a different website, but I haven't taken care of the infection. If there is any help available I would gladly accept it and it is very appreciated.

-Danny
 
Joined
Jul 8, 2002
Messages
14,681
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
Logfile of HijackThis v1.99.1
Scan saved at 12:29:21 AM, on 1/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NVATray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\popcorn72.exe
C:\WINNT\system32\ctfmon.exe
C:\WINNT\system32\??oolsv.exe
C:\winstall.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bobby\Desktop\Clever Waste Of Time\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.141.204.211:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\lsnpm.dll
O2 - BHO: (no name) - {1EFB4E09-E96B-22B0-8757-625579AE726C} - C:\WINNT\system32\hmneydyg.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\lsnpm.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [Rxagik] C:\WINNT\Meruoq.exe
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - HKCU\..\Run: [Taqzdbse] C:\WINNT\system32\??oolsv.exe
O4 - HKCU\..\Run: [System Kernal Support] system.exe
O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [Spyware Begone] C:\spywarebegone-fs\freescan.exe -FastScan
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINNT\system32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{32668846-B52E-410B-B34A-F194E23B22FB}: NameServer = 85.255.115.27,85.255.112.120
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning.
  • Run LQFix and click Next>>Next>>Install
  • Make sure Launch LQFix is checked and click Finish. Follow the onscreen prompts
  • Wait while your computer restarts (it may take longer than normal)
  • Go to Start>>Control Panel>>Add or Remove Program
  • Uninstall any of the following programs that appear in the list:

    ViewPoint Manager
    UnSpyPC
    SpywareBegone

  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
    R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
    O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\lsnpm.dll
    O2 - BHO: (no name) - {1EFB4E09-E96B-22B0-8757-625579AE726C} - C:\WINNT\system32\hmneydyg.dll (file missing)
    O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
    O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
    O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINNT\system32\lsnpm.dll
    O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    O4 - HKLM\..\Run: [Rxagik] C:\WINNT\Meruoq.exe
    O4 - HKLM\..\Run: [ControlPanel] C:\WINNT\system32\popcorn72.exe rundll.dll,LoadMouseProfile
    O4 - HKCU\..\Run: [Taqzdbse] C:\WINNT\system32\??oolsv.exe
    O4 - HKCU\..\Run: [System Kernal Support] system.exe
    O4 - HKCU\..\Run: [UnSpyPC] "C:\Program Files\UnSpyPC\UnSpyPC.exe"
    O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
    O4 - HKCU\..\Run: [Spyware Begone] C:\spywarebegone-fs\freescan.exe -FastScan
    O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINNT\system32\shdocvw.dll
  • Exit HijackThis
  • Run KillBox and select Delete on Reboot
  • Copy this list of file and folder locations:

    C:\Program Files\Viewpoint\
    C:\WINNT\Meruoq.exe
    C:\WINNT\system32\popcorn72.exe
    C:\WINNT\system32\??oolsv.exe
    C:\Program Files\UnSpyPC\
    system.exe
    C:\winstall.exe
    C:\spywarebegone-fs\
  • Go to File>>Paste from clipboard. Click All Files
  • Press the button with a red circle with an X in it, then Yes when prompted to restart your computer
    WARNING: Your computer will be restarted. Any unsaved work in open applications will be lost.
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
Kaspersky:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, January 02, 2006 03:40:01
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158358
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 65292
Number of viruses found: 21
Number of infected objects: 70
Number of suspicious objects: 0
Duration of the scan process: 5153 sec

Infected Object Name - Virus Name
C:\!KillBox\popcorn72.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\!KillBox\winstall.exe Infected: not-virus:Hoax.Win32.Renos.al
C:\data Infected: Trojan-Downloader.Win32.IstBar.ja
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02900000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02D40000.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80002.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\03F80003.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04000000.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04000001.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\040C0001.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04280000.VBN/GetAccess.class Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04280000.VBN/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04280000.VBN/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04280000.VBN/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04280000.VBN Infected: Trojan-Downloader.Java.OpenConnection.v
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\042C0002.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04300001.VBN Infected: Trojan.Java.ClassLoader.Dummy.a
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04340000.VBN Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04940000.VBN Infected: Trojan.Java.ClassLoader.c
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980bc51-3f6ca2cb.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980bc51-3f6ca2cb.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980bc51-3f6ca2cb.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980bc51-3f6ca2cb.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980c178-2d98b241.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980c178-2d98b241.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980c178-2d98b241.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5980c178-2d98b241.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5da14268-779c3410.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5da14268-779c3410.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5da14268-779c3410.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-5da14268-779c3410.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-2d80b061.zip/BlackBox.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-2d80b061.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-2d80b061.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-c486e07-2d80b061.zip Infected: Trojan-Downloader.Java.OpenConnection.aa
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f05170-273e267e.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f05170-273e267e.zip Infected: Trojan-Downloader.Java.OpenStream.w
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-421820e6.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.t
C:\Documents and Settings\Bobby\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-421820e6.zip Infected: Trojan-Downloader.Java.OpenStream.t
C:\Documents and Settings\Bobby\Local Settings\Temp\AcsProxyStub.ex$ Infected: Trojan-Clicker.Win32.Agent.di
C:\Documents and Settings\Bobby\Local Settings\Temp\dk.dial Infected: Trojan.Win32.Dialer.ay
C:\Documents and Settings\Bobby\Local Settings\Temp\iinstall41224.exe/data0001 Infected: Trojan-Downloader.Win32.INService.ja
C:\Documents and Settings\Bobby\Local Settings\Temp\iinstall41224.exe/data0003 Infected: Trojan-Downloader.Win32.IstBar.nn
C:\Documents and Settings\Bobby\Local Settings\Temp\iinstall41224.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.ja
C:\Documents and Settings\Bobby\Local Settings\Temp\iinstall41224.exe Infected: Trojan-Downloader.Win32.IstBar.ja
C:\Documents and Settings\Bobby\Local Settings\Temp\Incredifind.exe/data0002/data0006 Infected: Trojan-Downloader.Win32.Keenval.h
C:\Documents and Settings\Bobby\Local Settings\Temp\Incredifind.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval.h
C:\Documents and Settings\Bobby\Local Settings\Temp\Incredifind.exe/data0009 Infected: Trojan-Downloader.Win32.Keenval.n
C:\Documents and Settings\Bobby\Local Settings\Temp\Incredifind.exe/data0005 Infected: Trojan.Win32.Keenval.a
C:\Documents and Settings\Bobby\Local Settings\Temp\Incredifind.exe Infected: Trojan.Win32.Keenval.a
C:\Documents and Settings\Bobby\Local Settings\Temp\localNrd.cab/polall1l.exe Infected: Trojan-Dropper.Win32.Small.pv
C:\Documents and Settings\Bobby\Local Settings\Temp\localNrd.cab Infected: Trojan-Dropper.Win32.Small.pv
C:\Documents and Settings\Bobby\Local Settings\Temp\satmat.cab/satmat.exe Infected: Trojan-Downloader.Win32.Stubby.d
C:\Documents and Settings\Bobby\Local Settings\Temp\satmat.cab Infected: Trojan-Downloader.Win32.Stubby.d
C:\Documents and Settings\Bobby\Local Settings\Temp\THI26.tmp\farmmext.cab/farmmext.exe Infected: Trojan-Downloader.Win32.Stubby.c
C:\Documents and Settings\Bobby\Local Settings\Temp\THI26.tmp\farmmext.cab Infected: Trojan-Downloader.Win32.Stubby.c
C:\Program Files\Mozilla Firefox\1.dat Infected: Trojan-Downloader.Win32.Small.awa
C:\Program Files\Mozilla Firefox\2.dat Infected: not-virus:Hoax.Win32.Renos.al
C:\WINNT\system32\dgprpsetup.exe Infected: Trojan-Downloader.Win32.Small.bgv
C:\WINNT\system32\dial32.exe Infected: Trojan.Win32.Dialer.ay
C:\WINNT\system32\winctrl32.exe Infected: not-virus:Hoax.Win32.Renos.al
C:\WINNT\system32\winctrl64.exe Infected: Trojan-Downloader.Win32.Small.awa

Scan process completed.


HJT:

Logfile of HijackThis v1.99.1
Scan saved at 4:04:48 AM, on 1/2/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NVATray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bobby\Desktop\Clever Waste Of Time\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = C:\WINNT\system32\msblank.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.141.204.211:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32668846-B52E-410B-B34A-F194E23B22FB}: NameServer = 85.255.115.27,85.255.112.120
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe



Thanks again by the way. -DannyD
 
Joined
Jul 8, 2002
Messages
14,681
Use KillBox to delete these files:
C:\Program Files\Mozilla Firefox\1.dat
C:\Program Files\Mozilla Firefox\2.dat
C:\WINNT\system32\dgprpsetup.exe
C:\WINNT\system32\dial32.exe
C:\WINNT\system32\winctrl32.exe
C:\WINNT\system32\winctrl64.exe

Install and run CleanUp: http://www.stevengould.org/software/cleanup/

Restart your computer and let me know if you're still having problems.
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
I followed the steps you have listed, but when I rebooted my computer the green popup toolbar is still coming up. It only happens on startup but I'd like to get rid of it.
 
Joined
Jul 8, 2002
Messages
14,681
This should get rid of it
Please save or print these instructions before beginning
  • Save smitRem to your Desktop and run smitRem.exe
  • Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts
  • Go to Start>>Control Panel>>Internet Options>>Programs
  • Click Reset Web Settings>>Apply>>OK
  • Go to Start>>Control Panel>>Display>>Desktop
  • Click Customize Desktop>>Web
  • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
  • Restart your computer
  • Post the contents of C:\smitfiles.txt
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
smitRem © log file
version 2.8

by noahdfear


Microsoft Windows 2000 [Version 5.00.2195]
The current date is: Tue 01/03/2006
The current time is: 0:08:45.43

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 236 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


Logfile of HijackThis v1.99.1
Scan saved at 2:22:45 AM, on 1/3/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\NVATray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bobby\Desktop\Clever Waste Of Time\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 82.141.204.211:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\WINNT\system32\Userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: @msdxmLC.dll,[email protected],&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVIDIA nForce APU1 Utilities] NVATray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [webscan] C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe -k
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{32668846-B52E-410B-B34A-F194E23B22FB}: NameServer = 85.255.115.27,85.255.112.120
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
Well my computer as a whole runs much smoother now so most of the infection is gone. However, I still have the green bar popup at startup. So some of it must still be there. I hate to keep troubling you though. You've done so much for me already. I really do appreciate it.

-DannyD
 
Joined
Jul 8, 2002
Messages
14,681
Odd, try this:
  • Download and install Ewido Security Suite
  • During the installation, uncheck the following under Additional Options:

    Install background guard
    Install scan via context menu
  • Run Ewido and click OK when prompted to update the program
  • On the left side of the screen, click update>>Start
  • When the update is finished, exit Ewido
  • Run Ewido Security Suite
  • Click scanner>>Complete System Scan
  • Click OK when prompted to clean the problems found
  • When the scan is finished, click Save Report and save a copy of this log to your Desktop
  • Exit Ewido
  • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier


If it's still there, post this log:

  • Run HijackThis and click Open the Misc Tools section
  • Click Open Uninstall Manager>>Save list and save the log to your Desktop
  • A list of programs will open in Notepad. Post the contents of the log here
 

DannyD

Thread Starter
Joined
Jan 2, 2006
Messages
12
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:50:23 PM, 1/4/2006
+ Report-Checksum: B59DAC40

+ Scan result:

HKLM\SOFTWARE\180solutions -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\CashBack -> Spyware.CashBack : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher\CLSID -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\ADP.UrlCatcher.1 -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CB.UrlCatcher.1 -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-59D4-4008-9058-080011001200} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1A2883F2-FDC7-4AF2-B136-203ADB475DD7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} -> Spyware.TVMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6E21F428-5617-47F7-AED8-B2E1D8FBA711} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{708BE496-E202-497B-BC31-9CF47E3BF8D6} -> Spyware.IBIS : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEECBFDA-12FA-4881-BDCE-8C3E1CE4B344} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BFEF1779-0E92-45A1-BF5E-55991007F912} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CE188402-6EE7-4022-8868-AB25173A3E14} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.CDealHelperPopup.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CLSID -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents\CurVer -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DealPop.DealPopEvents.1 -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\DLMaxDll.DLMaxDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\ImgConv.clsImgConv\Clsid -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{06E53101-654C-45EB-BFF6-E37E13B5972A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0B16B278-B2E3-4CBF-85B5-E058878F728F} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1CFB8B32-4053-4144-AF6F-1540EEC7F101} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{1DA40091-14B4-4C21-8170-A2CEEDE90B10} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{20F13844-04BC-4987-9964-2502F0DA54D3} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{2DDD90D6-F153-4EA7-A324-4B2D83D1027E} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3AFAE37A-56A3-4850-B599-4DA9A9104B82} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3D89A731-9F4A-418F-A997-2D633C7C404C} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3E43040C-73C1-4898-A4F8-E2C9428B1167} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3E4C3E0B-6BBE-4C94-86CA-6F055A989693} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{68831D00-169E-4FEB-89B9-E099DF439321} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{81739076-56B7-42EC-A0AA-692794FDED1A} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{81EB72D7-3949-450F-B035-DE599959814F} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E1357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E2468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{8EEE58D5-130E-4CBD-9C83-35A0564E5678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A2CDAFB4-EB9C-4EFC-BCFC-A7AA6745FF7E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A42C0EF4-1C76-43CC-989F-EADC7E4B755D} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A93B84C6-5278-473A-8027-F6304A291A7A} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{AA4939C3-DECA-4A48-A454-97CD587C0EF5} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BF9EE3A0-1A02-4265-A65F-AC4D4447F6BF} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C08175C6-B2B2-47FC-AF1A-32F77A6CB673} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C2E6831B-822B-4A1F-9EF1-1D3EB7D3E985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED11357} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED12468} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C6906A23-4717-4E1F-B6FD-F06EBED15678} -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C9679631-7060-443F-BD37-88F9410ED8C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DEBA1742-2BEC-4B78-A987-5837971193F7} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EEE4A2E5-9F56-432F-A6ED-F6F625B551E0} -> Dialer.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F3816084-9608-485A-B63B-CAD8F931577E} -> Spyware.DealHelper : Cleaned with backup
HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\LocalNRDDll.LocalNRDDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher\CLSID -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\NLS.UrlCatcher.1 -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{15E7D23B-736E-46FA-BFFD-CBEC4126BEFD} -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{230C3786-1C2C-45BD-9D2D-9D277FCE6289} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{3FA866AC-40D7-4FE6-BABF-78EE854A4325} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{46605C8C-D306-4E2D-B367-9B53690CB867} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4B76F69E-247A-4617-ABA9-95774658AFC5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516B2C3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516C2E3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4EB7BBE8-2E15-424B-9DDB-2CDB9516E2A3} -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{7C9E9A74-1922-409E-AB46-E48784336C3A} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{EE6F3F6A-AD8E-48DA-9B1D-D5204B2D227D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F0F4C299-735E-4EAC-B2F9-F97324D5CC1D} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CLSID -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj\CurVer -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\ZServDll.ZServDllObj.1 -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0 -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows SR 3.0\- -> Spyware.BlazeFind : Cleaned with backup
HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\NaviSearch -> Spyware.NaviSearch : Cleaned with backup
HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKLM\SOFTWARE\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKLM\SOFTWARE\SecureWin -> Spyware.Adlogix : Cleaned with backup
HKU\.DEFAULT\Software\DealHelper -> Spyware.DealHelper : Cleaned with backup
HKU\.DEFAULT\Software\DealHelper\Category -> Spyware.DealHelper : Cleaned with backup
HKU\.DEFAULT\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\180solutions -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\Bundles -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\DLMax -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\LocalNRD -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\Microsoft\Internet Explorer\Explorer Bars\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\msbb -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
HKU\S-1-5-21-1960408961-2049760794-839522115-1000\Software\ZServ -> Spyware.BetterInternet : Cleaned with backup
[140] VM_00B40000 -> Downloader.Agent.uj : Error during cleaning
[160] VM_009B0000 -> Downloader.Agent.uj : Error during cleaning
[236] VM_00840000 -> Downloader.Agent.uj : Error during cleaning
[480] VM_00770000 -> Downloader.Agent.uj : Error during cleaning
[460] VM_00780000 -> Downloader.Agent.uj : Error during cleaning
C:\!KillBox\1.dat -> Downloader.Small.awa : Cleaned with backup
C:\!KillBox\2.dat -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\!KillBox\dgprpsetup.exe -> Downloader.Small.bgv : Cleaned with backup
C:\!KillBox\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup
C:\!KillBox\popcorn72.exe -> Downloader.Small.bgv : Cleaned with backup
C:\!KillBox\winctrl32.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\!KillBox\winctrl64.exe -> Downloader.Small.awa : Cleaned with backup
C:\!KillBox\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.al : Cleaned with backup
C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Bobby\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Bobby\Desktop\Clever Waste Of Time\backups\backup-20060102-010851-336.dll -> Spyware.SBSoft : Cleaned with backup
C:\windows\bundles\vl_ezstub.exe -> Adware.eZula : Cleaned with backup
C:\WINNT\systb.exe/systb.dll -> Spyware.ImiBar : Error during cleaning
C:\WINNT\system32\lsnpm.dll -> Spyware.SBSoft : Cleaned with backup
C:\WINNT\wt\wtupdates\Webd\4.1.1\files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINNT\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup


::Report End


HJT Log:

AC3Filter (remove only)
Ad-aware 6 Personal
Adobe Photoshop 7.0
AOL Instant Messenger
ASUS Probe V2.15.07
AsusUpdate V3.29.06
AV Music Morpher 2.0.96
BitTorrent 4.0.1
CleanUp!
Conquer 1.0
Direct Connect 2.0
DirectX 9 Hotfix - KB839643
DiscJuggler
Elemental Destiny 1.0.0.4
ewido anti-malware
ffdshow (remove only)
FruityLoops Studio Producer Edition v4.01
Gangsters
HijackThis 1.99.1
Java 2 Runtime Environment, SE v1.4.2
Kaspersky On-line Scanner
Kazaa Lite K++ v2.4.3
LiveUpdate 1.80 (Symantec Corporation)
Loradon Online
LQfix 2.1
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Internet Explorer 6 SP1
Microsoft Office Professional Edition 2003
Microsoft Reader
Microsoft VGX Q833989
mIRC
Mozilla Firefox (1.0.4)
Myrmidia
Nero 6 Ultra Edition
NVIDIA Audio Driver
NVIDIA Display Driver
NVIDIA nForce APU1 Utilities
NVIDIA Windows 2000/XP Display Drivers
OpenSSL 0.9.7d
Outlook Express Q823353
Pop-Up Stopper
RealPlayer
RTP for RM2K (Png, Wav, Midi, Fonts)
Shockwave
SmartFTP
Sony ACID 4.0f
Sony Sound Forge 7.0a
SoulSeek 157 test 5
SoulSeek Client 155
Spybot - Search & Destroy 1.4
Starcraft
StepMania CVS (remove only)
Symantec AntiVirus Client
Tag&Rename
Trojan Remover 6.4.5
Viewpoint Media Player
WildTangent Web Driver
WinAce Archiver
Winamp (remove only)
Windows 2000 Hotfix - KB329115
Windows 2000 Hotfix - KB820888
Windows 2000 Hotfix - KB822831
Windows 2000 Hotfix - KB823182
Windows 2000 Hotfix - KB823559
Windows 2000 Hotfix - KB823980
Windows 2000 Hotfix - KB824105
Windows 2000 Hotfix - KB824141
Windows 2000 Hotfix - KB824146
Windows 2000 Hotfix - KB825119
Windows 2000 Hotfix - KB826232
Windows 2000 Hotfix - KB828028
Windows 2000 Hotfix - KB828035
Windows 2000 Hotfix - KB828741
Windows 2000 Hotfix - KB828749
Windows 2000 Hotfix - KB833407
Windows 2000 Hotfix - KB834707
Windows 2000 Hotfix - KB835732
Windows 2000 Hotfix - KB837001
Windows 2000 Hotfix - KB839645
Windows 2000 Hotfix - KB840315
Windows 2000 Hotfix - KB840987
Windows 2000 Hotfix - KB841356
Windows 2000 Hotfix - KB841533
Windows 2000 Hotfix - KB841872
Windows 2000 Hotfix - KB841873
Windows 2000 Hotfix - KB842526
Windows 2000 Hotfix (SP5) Q818043
Windows Media Player Hotfix [See wm828026 for more information]
Windows Media Player system update (9 Series)
Windows SR 2.0
WSEM Update
 