Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

log here many problems

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

log here many problems

Unread postby timroc9 » September 1st, 2005, 11:38 am

heresa log but some other problems are the internet explorer says ntheres an error and opens but then it jus a white page i have a program called srysheriff popping up all the time my daesktop wallpaper says your infected and i have to res x's from windows that keep popping up saying im infected heres a log HELP

le of HijackThis v1.99.1
Scan saved at 11:36:06 AM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real Spy Monitor\winrsm.exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\sysvcs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Tim Miller\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Real Spy Monitor] "C:\Program Files\Real Spy Monitor\winrsm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O21 - SSODL: System - {4B8C24EA-DC80-4C5B-BB22-13EE5B3ABD83} - vr_sys.dll (file missing)
O21 - SSODL: AOL Instant Messenger - {DD015123-F287-ADE0-8235-BABCAD05939B} - c:\program files\aim\ueqcgq32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj
Advertisement
Register to Remove

Unread postby Susan528 » September 1st, 2005, 12:21 pm

Hello and Welcome timroc9,

Please move the hijackthis.exe to a folder like C:\HJT. You have it in a temporary folder and when temporary files are deleted, we will lose it too.
C:\Documents and Settings\Tim Miller\Local Settings\Temp\Temporary Directory 12 for hijackthis.zip\HijackThis.exe

Please post your log again.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 1st, 2005, 12:30 pm

ok here it is but i think i am more concerned with getting my internet fixed first because i am haveing a very hard time getting on a bunch of errors pop up

Logfile of HijackThis v1.99.1
Scan saved at 12:27:37 PM, on 9/1/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Real Spy Monitor\winrsm.exe
C:\winstall.exe
C:\winstall.exe
C:\WINDOWS\System32\sysvcs.exe
C:\Program Files\SpySheriff\SpySheriff.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [Real Spy Monitor] "C:\Program Files\Real Spy Monitor\winrsm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O21 - SSODL: System - {4B8C24EA-DC80-4C5B-BB22-13EE5B3ABD83} - vr_sys.dll (file missing)
O21 - SSODL: AOL Instant Messenger - {DD015123-F287-ADE0-8235-BABCAD05939B} - c:\program files\aim\ueqcgq32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Susan528 » September 1st, 2005, 1:04 pm

Hello timroc9,

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:[list=1]
[*]Restart your computer
[*]After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
[*]Instead of Windows loading as normal, a menu should appear
[*]Select the first option, to run Windows in Safe Mode.

Please view how to see hidden files in Windows.
How to see hidden files in Windows.

==================
Go to Add/Remove programs and remove(uninstall) the following, if present:
Viewpoint Manager
Real Spy Monitor - remove unless you installed it yourself!
Real Spy Monitor
The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
Realspy keystroke logger/monitoring program - remove unless you installed it yourself!
O4 - HKLM\..\Run: [Real Spy Monitor] "C:\Program Files\Real Spy Monitor\winrsm.exe"

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sysvcs.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe

O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} - http://www.miniclip.com/platypus/miniclipGameLoader.dll

O21 - SSODL: System - {4B8C24EA-DC80-4C5B-BB22-13EE5B3ABD83} - vr_sys.dll (file missing)
O21 - SSODL: AOL Instant Messenger - {DD015123-F287-ADE0-8235-BABCAD05939B} - c:\program files\aim\ueqcgq32.dll

Now, with all windows closed except HiJackThis, click "Fix checked".

===============
Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...
C:\Program Files\Viewpoint
Realspy keystroke logger/monitoring program - remove unless you installed it yourself!
C:\Program Files\Real Spy Monitor
C:\Program Files\SpySheriff

files...
C:\winstall.exe
C:\WINDOWS\System32\sysvcs.exe
c:\program files\aim\ueqcgq32.dll

-
Note that some of these file(s) may or may not be present.
===================================================

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
• Click [Scanner]
• Click [Complete System Scan] to begin scanning.
• Click [OK] when prompted to clean files
• With the first file it prompts to clean, select the option - "Perform action on all infections" - & choose clean and click [OK].
• Once finished, click the [Save report] button
• Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Website > Uncheck "Security Info" if present.

Reboot back into Windows and go to Panda ActiveScan, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 3rd, 2005, 5:43 pm

i am doing it now sorry its took so long
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby timroc9 » September 3rd, 2005, 10:41 pm

hi the panda scan i dont know if i did the right thing because i didnt get a log but heres everything else also my computer has kinda of lost like color for exaple the start menu was blue now its gray and i tried but cant change it and my computer is also running a bit slow

hi jack log
Logfile of HijackThis v1.99.1
Scan saved at 10:37:13 PM, on 9/3/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [ZeroSpyware] "C:\Program Files\FBM Software\ZeroSpyware 2004\ZeroSpyware.exe" -STARTUP
O4 - HKCU\..\Run: [NetGuard] "C:\Program Files\FBM Software\ZeroSpyware 2004\NetGuard.exe" -STARTUP
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

ewido log
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:38:46 PM, 9/3/2005
+ Report-Checksum: E875D21A

+ Scan result:

HKLM\SOFTWARE\Classes\AtlControl.AtlCtrl -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlControl.AtlCtrl\CLSID -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\AtlControl.AtlCtrl\CurVer -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C559105-9ECF-42b8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C886256C-7A63-4213-AD2F-02AD3735DF06} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{3F947DE3-D937-414D-AF0A-548A4148A5E6} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{717BEB87-70F4-4EAB-80D4-E357B3619530} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ISTx.Installer\CLSID -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{C89E0F84-3C34-43D1-A72C-AF1A160A7C07} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{D6C76AA4-8532-4AFD-841D-287972A9E1E8} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\STO -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Tim Miller\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-531c338a-226667a1.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@cz4.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@cz8.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@e-2dj6wjk4kndpoco.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@linkbuddies[2].txt -> Spyware.Cookie.Linkbuddies : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@programs.wegcash[2].txt -> Spyware.Cookie.Wegcash : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@stats3.porntrack[1].txt -> Spyware.Cookie.Porntrack : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@www.burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Tim Miller\Cookies\tim miller@www.sidefind[2].txt -> Spyware.Cookie.Sidefind : Cleaned with backup
C:\Downloads\GoldMinerSetup-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\HJT\backups\backup-20050510-184157-995.dll -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP175\A0038848.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP175\A0038849.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039570.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039580.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039595.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039597.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039598.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039606.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039616.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039617.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039618.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039630.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039650.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039659.dll -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039673.exe -> Spyware.Ipyn : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039676.exe -> Trojan.Agent.bi : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039681.exe -> TrojanDownloader.Apropo.g : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039693.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039702.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039712.EXE -> TrojanSpy.KBMan : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039721.dll -> Spyware.SpywareNo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039736.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039799.exe -> Not-A-Virus.Hoax.Renos.m : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039802.dll -> TrojanDownloader.Murlo.ar : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP198\A0039809.dll -> Spyware.SpywareNo : Cleaned with backup
C:\WINDOWS\CLOCK.AVI:pcmln -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\DelIndex.BAT:sigzyz -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\DELL.BMP:bquxh -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\DELL.BMP:zdxej -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\DirectX.log:lizetj -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\DtcInstall.log:gslbm -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\DtcInstall.log:uahpne -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\DtcInstall.log:wmwjjo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\dyeax.txt:dsxqv -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\FaxSetup.log:onopmy -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\Gone Fishing.bmp:vxonk -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\Greenstone.bmp:rtomi -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\IIS6.LOG:quqvbo -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB817611.log:bvbavq -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB817611.log:grryh -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB823182.log:cieff -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB823182.log:pdqwnx -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB824105.log:qiijz -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB824105.log:rjnma -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\KB828035.log:tdnat -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\KB828035.log:wtprus -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB828741.log:cdqxw -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB828741.log:zgtdnm -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB833407.log:wetvty -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\KB835732.log:ouixoc -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB837001.log:rhejpo -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB839643-DirectX9.log:pedbvj -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\KB840987.log:efylp -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\msjg32.exe -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\n_rgbzeb.dat:tgmqv -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\OCGEN.LOG:eiqjr -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\OOBEACT.LOG:juklpv -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\q329623.log:ohldt -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\SETUPERR.LOG:brsjg -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\speed.reg:ikulk -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\spupdsvc.log:lkvuc -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\sys316.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys318.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys319.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys320.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\abc.exe -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\WINDOWS\SYSTEM32\cssrs.exe -> TrojanSpy.PdPinch : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq1.exe -> TrojanDownloader.Small.bho : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.m : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq5.exe -> TrojanDownloader.Small.awa : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq6.exe -> TrojanDownloader.Small.awa : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq7.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\cvxh8jkdq8.exe -> TrojanDownloader.Small.bho : Cleaned with backup
C:\WINDOWS\SYSTEM32\HPCHuninstaller.exe -> TrojanSpy.Haxspy.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\init32m.exe -> TrojanDownloader.Agent.ho : Cleaned with backup
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\latest.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\maxd1.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/WINDOWS/System32/mscb.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/cashback.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/cb.exe -> Spyware.CashBack : Cleaned with backup
C:\WINDOWS\SYSTEM32\psis80ex.ax/C:/Program Files/CashBack/bin/flash.exe -> Spyware.CashBack : Cleaned with backup
C:\WINDOWS\SYSTEM32\symcsvc.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\sysdrc.dll -> TrojanDropper.Agent.cy : Cleaned with backup
C:\WINDOWS\SYSTEM32\systr.dll -> Spyware.Globosearch : Cleaned with backup
C:\WINDOWS\SYSTEM32\thn32.dll -> TrojanProxy.Small.bk : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet1.exe -> TrojanDropper.Small.wv : Cleaned with backup
C:\WINDOWS\SYSTEM32\vxgamet2.exe -> TrojanProxy.Lager.x : Cleaned with backup
C:\WINDOWS\SYSTEM32\web\msusb64.ocx -> TrojanDropper.Small.zr : Cleaned with backup
C:\WINDOWS\SYSTEM32\ywphm.dll -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\SYSTEM32\zolker010.dll -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\SYSTEM32\zsfiles\00003.rps -> TrojanSpy.KBMan : Cleaned with backup
C:\WINDOWS\SYSTEM32\ztoolb010.dll -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\VBADDIN.INI:lmqja -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\vr_sys.dll -> TrojanSpy.LdPinch.os : Cleaned with backup
C:\WINDOWS\Windows Update.log:aeaby -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\Windows Update.log:uvsqb -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\wkbay.dat:lxduv -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\wmsetup.log:xwdjx -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:aapqqa -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:baxrpb -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:ddfwez -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:haxkwq -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:jdxxmp -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:jhemvy -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:mnsdf -> TrojanDownloader.Agent.lz : Cleaned with backup
C:\WINDOWS\_delis32.ini:oefkfe -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:ooxcrv -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:piobdr -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:qcfssf -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:vvqbyj -> Spyware.Ipyn : Cleaned with backup
C:\WINDOWS\_delis32.ini:wdetji -> Spyware.SearchPage : Cleaned with backup
C:\WINDOWS\_delis32.ini:wduwlu -> Trojan.Agent.bi : Cleaned with backup
C:\WINDOWS\_delis32.ini:xhvvbh -> TrojanDownloader.Agent.ne : Cleaned with backup
C:\WINDOWS\_delis32.ini:yruiqf -> Spyware.SearchPage : Cleaned with backup


::Report End

smit log

smitRem log file
version 2.3

by noahdfear

The current date is: Sat 09/03/2005
The current time is: 16:08:29.68

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~

Install.dat


~~~ Favorites ~~~



~~~ system32 folder ~~~

thn.dll


~~~ Icons in System32 ~~~



~~~ Windows directory ~~~

desktop.html


~~~ Drive root ~~~

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Post-run Files Present


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Wininet.dll ~~~

CLEAN! :)

thanks timroc
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Susan528 » September 5th, 2005, 12:56 pm

Hello Timroc9,

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
I need you to check some values for me on some registry entries.
Please go to Start,Run and type “regeditâ€
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 5th, 2005, 1:47 pm

ok heres exaclty wjat it look like


name Type Data
Ab(default) Reg_sz value not set
classicshell reg_dword 0x00000000 (0)
no active desktop reg_dword 0x00000000 (0)
NodriveTypeAutoRun Reg_dword 0x00000091 (145)
NoSaveSettings Reg_Dword 0x00000000 (0)
NoThemesTab Reg_dword 0x00000000 (0)
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Susan528 » September 6th, 2005, 10:16 pm

Hello Timroc9,

Try this and let me know how things go.

Copy/paste the following text into a new Notepad document. Make sure that you have one blank line at the end of the document as shown in the quoted text.

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"SetVisualStyle"="C:\\Windows\\Resources\\Themes\\Luna.theme"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ThemeManager]
"ThemeActive"="1"
"DllName"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,72,00,65,00,73,00,6f,00,75,00,72,00,63,00,65,00,73,00,5c,\
00,54,00,68,00,65,00,6d,00,65,00,73,00,5c,00,6c,00,75,00,6e,00,61,00,5c,00,\
6c,00,75,00,6e,00,61,00,2e,00,6d,00,73,00,73,00,74,00,79,00,6c,00,65,00,73,\
00,00,00
"ColorName"="NormalColor"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"ClassicShell"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
"DisplayName"="Themes"
"Group"="UIGroup"
"ObjectName"="LocalSystem"
"FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,04,00,19,\
00,01,00,00,00,60,ea,00,00,01,00,00,00,60,ea,00,00,00,00,00,00,00,00,00,00
"Description"="Provides user experience theme management."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Parameters]
"ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
73,00,68,00,73,00,76,00,63,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
"ServiceMain"="ThemeServiceMain"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Themes\Enum]
"0"="Root\\LEGACY_THEMES\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001



Save it to your desktop as FixT.reg. Save it as :
File Type: All Files (not as a text document or it wont work).
Name: FixT.reg

Locate FixT.reg on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the merged successfully prompt.

Then download both of these files:
http://www.kellys-korner-xp.com/regs_ed ... ources.zip
http://www.kellys-korner-xp.com/regs_ed ... lassic.zip

Unzip them to C:\WINDOWS\ - overwrite existing files.
It should look like this in windows explorer when you are done:

C:\WINDOWS\Resources\Themes

and the Luna and Classic themes should be there.

Reboot your PC.
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 6th, 2005, 10:31 pm

ok its good now whats next
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Susan528 » September 6th, 2005, 10:51 pm

Congratulations Timroc9! Your log looks clean - good work!

===============

Reboot your computer, and try using different programs and make sure everything is running ok. If your still experiencing problems, post back any concerns or problems you may be having and wait for any advice before continuing with the cleanup.

===============

Download, install and run Cleanup! from Steven Gould, then:

1. Click "Cleanup!"

(wait for the program to finish scanning your system, and selecting files to be removed.)

2. Exit the program and reboot the computer, if necessary.

-

For more information about using Cleanup! see here.

===============

If everything is running ok, let's do the final cleanup...

===============

1. Run "Disk Cleanup" and allow it to remove everything it finds. Click Start ==>Run ==> Enter "cleanmgr" without the quotes.

2. If you've downloaded MicroWorld AV (MWAV), run it again - but don't scan, just click "Clear Log" and exit the program.

3. Go to www.trendmicro.com and click "Free Online Scan", then "Scan now, it's free!". When it's downloaded, select all available drives, then check(tick) "Auto clean", then click "Scan".

4. Run AdAware SE Personal and "perform a full system scan", then Spybot S&D, and "Check for Problems". Let them both remove the residual 'problems' left that HiJackThis couldn't fix.

5. Disable, then re-enable system restore; with a reboot in-between. Then immediately create a new system point manually. This will clear out the restore/archive files which may still contain infected files.

===============

If you have some extra time, let's review ways to help avoid an 'infected' system both now, and in the future.
-
Change your passwords now and on a regular basis.
-

Make your Internet Explorer more secure - This can be done by following these simple instructions:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.

a. Change the Download signed ActiveX controls to Prompt
b. Change the Download unsigned ActiveX controls to Disable
c. Change the Initialise and script ActiveX controls not marked as safe to Disable
d. Change the Installation of desktop items to Prompt
e. Change the Launching programs and files in an IFRAME to Prompt
f. Change the Navigate sub-frames across different domains to Prompt
g. When all these settings have been made, click on the OK button.
h. If it prompts you as to whether or not you want to save the settings, press the Yes button.

5. Next press the Apply button and then the OK to exit the Internet Properties page.
-
Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti-virus programs:
Computer Safety On line - Anti-Virus - http://www.malwareremoval.com/forum/viewtopic.php?p=53#53
-
Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out
-
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
Computer Safety On line - Software Firewalls http://www.malwareremoval.com/forum/viewtopic.php?p=56#56
-
Test your firewall
You can visit the following website and test to see if your firewall is working
http://hackerwatch.org/probe
This can be useful to AOL users who do not use the AOL provided firewall and the AOL 9.0 startup screen does not detect your firewall and you wonder if your firewall is working!
-
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
-
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware http://www.malwareremoval.com/forum/viewtopic.php?t=13
-
Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
Instructions for - Spybot S & D and Ad-aware http://www.malwareremoval.com/forum/viewtopic.php?t=13
-
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
Computer Safety on line - Anti-Malware http://www.malwareremoval.com/forum/viewtopic.php?p=54#54
-
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


===============

If your having any more problems, post back.

-
Have safe and happy surfing.

Thank you for letting me assist you!

Susan
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 6th, 2005, 11:38 pm

i do have one question do you know any good pop up blockers
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Susan528 » September 7th, 2005, 9:02 am

Hello timroc9,
I installed Google which has a pop-up blocker. Before that I was AOL user and it had pop-up blocker. Others probably know more about this than I do. Since you are a trainee, why don't you post the question and ask?
User avatar
Susan528
MRU Master
MRU Master
 
Posts: 1594
Joined: April 4th, 2005, 9:20 am
Location: Alabama, USA

Unread postby timroc9 » September 7th, 2005, 11:49 am

ok i will do that and thanks again for helping me
User avatar
timroc9
Regular Member
 
Posts: 47
Joined: June 19th, 2005, 6:12 pm
Location: nj

Unread postby Nellie2 » September 15th, 2005, 5:31 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 277 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware