Please help My desktop is blue and says spyware infection PLEASE HELP

sec4allstar

Thread Starter
Joined
Jun 4, 2005
Messages
68
I don't know what happened but Ad-Aware didn't fix it, please help

Here's my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 12:15:30 AM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\MMDiag.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Rashad\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.futureproducers.com/forums
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 439254343
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124907571608
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81D05380-CA02-43AD-8D37-4C5B4D9B68AF}: NameServer = 24.29.99.17,24.29.99.18
O20 - Winlogon Notify: ssldr - C:\WINDOWS\SYSTEM32\ssldr32.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 
Joined
Jul 8, 2002
Messages
14,681
Please save or print these instructions before beginning
  • Save smitRem to your Desktop and run smitRem.exe
  • Download and install Ewido Security Suite
  • During the installation, uncheck the following under Additional Options:
    Install background guard
    Install scan via context menu
  • Run Ewido and click OK when prompted to update the program
  • On the left side of the screen, click update>>Start
  • When the update is finished, exit Ewido
  • Open the smitRem folder and run RunThis.bat. Follow the onscreen prompts
  • Run Ewido Security Suite
  • Click scanner>>Complete System Scan
  • Click OK when prompted to clean the problems found
  • When the scan is finished, click Save Report and save a copy of this log to your Desktop
  • Exit Ewido
  • Go to Start>>Control Panel>>Internet Options>>Programs
  • Click Reset Web Settings>>Apply>>OK
  • Go to Start>>Control Panel>>Display>>Desktop
  • Click Customize Desktop>>Web
  • If you see an entry called Security info or something similar, select it and click Delete>>OK>>Apply>>OK
  • Restart your computer
  • Post the contents of C:\smitfiles.txt
  • Post the contents of the Ewido Security Suite report that you saved to your Desktop earlier
  • Run HijackThis and click Do a system scan and save a log file
  • Your HijackThis log will open in Notepad. Post the contents of the log here
 

sec4allstar

Thread Starter
Joined
Jun 4, 2005
Messages
68
Thanks a lot, here are the logs

Ewido
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 11:09:27 AM, 12/27/2005
+ Report-Checksum: 130EA76B

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned without backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned without backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned without backup
[248] C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][1].txt -> Spyware.Cookie.Hypertracker : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Cookies\[email protected][1].txt -> Spyware.Cookie.Paypopup : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Local Settings\Temporary Internet Files\Content.IE5\CPAZ2NSH\prompt[1].htm -> Downloader.IstBar.j : Cleaned without backup
C:\Documents and Settings\$$T.K.$$\Local Settings\Temporary Internet Files\Content.IE5\E069314S\prompt[1].htm -> Downloader.IstBar.j : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Valueclick : Cleaned without backup
C:\Documents and Settings\Rashad\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temp\4AA.tmp -> Proxy.Agent.hs : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temp\4AB.tmp -> Downloader.CWS.r : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temp\a.exe -> Downloader.Harnig.ax : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temp\VVSNInst.exe -> Adware.SaveNow : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\05OP67GH\kl[1].txt -> Trojan.Agent.bu : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\2BYVYTYV\mm[2].js -> Spyware.Chitika : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\7F9VBPOO\inst_0004[1].exe -> Downloader.Small.cam : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\7F9VBPOO\tool4[1].txt -> Trojan.Small : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\C109AR8T\ltndload[1].dll -> Adware.Sud : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\C109AR8T\tool5[1].txt -> Trojan.Small : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\INONV890\country[1].htm -> Trojan.Small : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\K1OFCB8B\loaderadv470[1].exe -> Downloader.Harnig.ax : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\K5WFCNCP\ms1[1].txt -> Downloader.Tiny.al : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\M54DOHUN\hosts[1].txt -> Trojan.Qhost.el : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\UZ2JITER\tool1[1].txt -> Trojan.Small : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\WNUBAP6L\mng[1].exe -> Proxy.Agent.hs : Cleaned without backup
C:\Documents and Settings\Rashad\Local Settings\Temporary Internet Files\Content.IE5\YX6R0TAZ\tool2[1].txt -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned without backup
C:\Documents and Settings\Rashad\My Documents\Incomplete\T-198236-_working_ racknrump.rar/setup.exe -> Downloader.IstBar.nj : Cleaned without backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll -> Trojan.Agent.bu : Cleaned without backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe -> Trojan.Agent.bu : Cleaned without backup
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll -> Trojan.Agent.bu : Cleaned without backup
C:\Program Files\SpySheriff -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\base.avd -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\base001.avd -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\base002.avd -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\found.wav -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\notfound.wav -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\removed.wav -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\SpySheriff.dvm -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\SpySheriff\SpySheriff.exe -> Spyware.SpySheriff : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1BF.tmp -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C1.tmp -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C2.tmp -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C3.tmp -> Spyware.Cookie.Counted : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C4.tmp -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C6.tmp -> Spyware.Cookie.Burstnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C7.tmp -> Spyware.Cookie.Casalemedia : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1C8.tmp -> Spyware.Cookie.Centrport : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CA.tmp -> Spyware.Cookie.Com : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CB.tmp -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CC.tmp -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CD.tmp -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CE.tmp -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1CF.tmp -> Spyware.Cookie.Hotlog : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D1.tmp -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D2.tmp -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D4.tmp -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D5.tmp -> Spyware.Cookie.Spylog : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D6.tmp -> Spyware.Cookie.Onestat : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D7.tmp -> Spyware.Cookie.Statcounter : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D8.tmp -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1D9.tmp -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1DA.tmp -> Spyware.Cookie.Valueclick : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1DB.tmp -> Spyware.Cookie.Adserver : Cleaned without backup
C:\WINDOWS\country.exe -> Trojan.Small : Cleaned without backup
C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned without backup
C:\WINDOWS\kl.exe -> Trojan.Agent.bu : Cleaned without backup
C:\WINDOWS\ms1.exe -> Downloader.Tiny.al : Cleaned without backup
C:\WINDOWS\system32\04ug0i7k.dll -> Adware.Sud : Cleaned without backup
C:\WINDOWS\system32\ssldr32.dll -> Proxy.Agent.hs : Cleaned without backup
C:\WINDOWS\tool1.exe -> Trojan.Small : Cleaned without backup
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Win32.Renos.aj : Cleaned without backup
C:\WINDOWS\tool4.exe -> Trojan.Small : Cleaned without backup
C:\WINDOWS\tool5.exe -> Trojan.Small : Cleaned without backup


::Report End


Smitfiles.txt

smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 12/27/2005
The current time is: 11:24:56.06

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

logfiles


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 [email protected]
Killing PID 764 'explorer.exe'
Killing PID 764 'explorer.exe'

Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)



Kaspersky Online Scanner
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, December 27, 2005 15:08:58
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 27/12/2005
Kaspersky Anti-Virus database records: 157620
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 110691
Number of viruses found: 20
Number of infected objects: 49
Number of suspicious objects: 0
Duration of the scan process: 7801 sec

Infected Object Name - Virus Name
C:\Documents and Settings\$$T.K.$$\Local Settings\Temporary Internet Files\Content.IE5\012F0TIF\ysb_prompt[1].htm Infected: Trojan-Downloader.JS.IstBar.j
C:\Program Files\Norton AntiVirus\Quarantine\006163DC.tmp Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\0A597F62.cla Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\0A5C295E.cla Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\0A5F535B.cla Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\0F284398.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0F391586.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\0F3F697F.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\0F503B6D.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\0F910325.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\240E16CA.tmp Infected: Trojan-Dropper.Win32.Small.zp
C:\Program Files\Norton AntiVirus\Quarantine\241240C7.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\Program Files\Norton AntiVirus\Quarantine\241814BF.exe Infected: Trojan-Dropper.Win32.Small.zp
C:\Program Files\Norton AntiVirus\Quarantine\241B3EBC.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\Program Files\Norton AntiVirus\Quarantine\241F68B8.txt Infected: Trojan-Downloader.Win32.Adload.j
C:\Program Files\Norton AntiVirus\Quarantine\2772686F.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\2772686F.txt Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\31FB37C3.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\31FB37C3.txt Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\375B1EEB.htm Infected: Exploit.HTML.Mht
C:\Program Files\Norton AntiVirus\Quarantine\48F25D30.cla Infected: Exploit.Java.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\4FD55239.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\5C5E268A.tmp Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\647B0D53.cla Infected: Trojan.Java.ClassLoader.c
C:\Program Files\Norton AntiVirus\Quarantine\64883545.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\681A2157.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\6821754F.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\6821754F.txt Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\68241F4C.exe Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\68241F4C.txt Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\6D3A466E.txt Infected: Packed.Win32.Klone.b
C:\Program Files\Norton AntiVirus\Quarantine\709D2251.tmp Infected: Trojan.Java.ClassLoader.ai
C:\Program Files\Norton AntiVirus\Quarantine\74C907F4.js Infected: Trojan-Downloader.JS.IstBar.ad
C:\Program Files\Norton AntiVirus\Quarantine\74E357D7.js Infected: Trojan-Downloader.JS.IstBar.af
C:\Program Files\Norton AntiVirus\Quarantine\7F2A0121.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023728.exe Infected: Trojan-Downloader.Win32.Small.cam
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023729.exe Infected: not-virus:Hoax.Win32.Renos.aj
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023730.exe Infected: Trojan-Downloader.Win32.Adload.l
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023739.exe Infected: Trojan.Win32.StartPage.aw
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023786.dll Infected: Trojan-Downloader.Win32.Agent.rm
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023787.exe Infected: Trojan-Downloader.Win32.Adload.j
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023801.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023802.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023803.dll Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023806.exe Infected: Trojan-PSW.Win32.Agent.bu
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023807.exe Infected: Trojan-Downloader.Win32.Tiny.al
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023810.exe Infected: not-virus:Hoax.Win32.Renos.aj
C:\System Volume Information\_restore{DC8F221C-2DEB-4485-9464-A070A58A5826}\RP169\A0023817.dll Infected: Trojan-Proxy.Win32.Agent.hs
C:\WINDOWS\system32\paytime.exe Infected: Trojan.Win32.StartPage.agp

Scan process completed.



HJT
Logfile of HijackThis v1.99.1
Scan saved at 3:11:45 PM, on 12/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DeltTray.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Integrator.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rashad\Desktop\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.futureproducers.com/forums
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O1 - Hosts: 216.19.0.250 idenupdate.motorola.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [M-Audio Delta Taskbar Icon] C:\WINDOWS\System32\DeltTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
O4 - HKLM\..\Run: [04ug0i7k.dll] RUNDLL32.EXE 04ug0i7k.dll,b 439254343
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: Hare.lnk = C:\Program Files\Dachshund Software\Hare\Hare.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01111C00-3E00-11D2-8470-0060089874ED} (Support.com ActionRunner Class) - http://www.help.rr.com/Foundrysdccommon/download/tgctlar.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst20040510.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124907571608
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{81D05380-CA02-43AD-8D37-4C5B4D9B68AF}: NameServer = 24.29.99.17,24.29.99.18
O20 - Winlogon Notify: ssldr - ssldr32.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe




And also, I don't think the Kaspersky scan removed anything; it just scanned.
 