Author Topic: Desktop is black! Help please!  (Read 1898 times)

raised_on_beans_n_rice
Desktop is black! Help please!
« on: December 12, 2005, 01:57:35 PM »
My desktop is black and I can't change it.  I removed 12 viruses with AVG free in safe mode and still nothing.  Can anyone help me?  Here is a HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:56:05 PM, on 12/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\explorer.exe
D:\Program Files\Panorama\Panorama.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: Shell=explorer.exe                                                                                                    "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_EMC] D:\AVG7~1.0\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2"
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119751357171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123618101998
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\System32\cisvc.exe (file missing)
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

guestolo (Administrator)
Desktop is black! Help please!
« Reply #1 on: December 13, 2005, 01:14:55 AM »
Can you do the following please

==Download and Install this small program
to help clean your temp folders, cookies, etc...
Windows Cleanup! 4.0

==Download and then Install
Ewido Security Suite

When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Download SmitRem.exe by Noahdfear and save the file to your desktop.

Please print the next set of instructions or save them to a notepad file on your desktop for reference

Do another scan with Hijackthis and put a check next to these entries:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"

O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe


After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Select Safe mode from the Startup menu

Once in safe mode

Find and delete this file if found
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe <-file

==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):

    * Empty Recycle Bins
    * Delete Cookies
    * Delete Prefetch files
    * Cleanup! All Users

Click OK
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer

==Double click on SmitRem.exe to extract it to its own folder on the desktop.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
  Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: While Ewido is running, don't open any other windows, let it do its job

Reboot back to Normal mode

From my signature below, use Internet Explorer and run an Online Virus scan at Panda's
It's safe to supply them with an email address and additional info needed
When it's loaded
Choose to scan "Local Disks"
When the scan is done, if anything is found
Click the See Report
Save this report to your desktop

Post the following back please
1. A fresh hijackthis log
2. The full report from Ewido's
3. Post the Whole log made from SmitRem located here C:\Smitfiles.txt
4. Post the Report from Panda's



raised_on_beans_n_rice
Desktop is black! Help please!
« Reply #2 on: December 16, 2005, 03:36:50 PM »
1) HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:20:47 PM, on 12/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\AVG7~1.0\avgamsvr.exe
D:\AVG7~1.0\avgupsvc.exe
d:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\nvsvc32.exe
D:\AVG7~1.0\avgemc.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Panorama\Panorama.exe
C:\Program Files\Yahoo!\Messenger\YPager.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\HJT\hijackthis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn4\yt.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_EMC] D:\AVG7~1.0\avgemc.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\Yahoo!\YPSR\ppclean.exe" "clean" "cws" "2"
O4 - Startup: Panorama.lnk = D:\Program Files\Panorama\Panorama.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Send Image to Phone - http://www.freeringers.net/ezimage.php
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/games/clients/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt2_x.cab
O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab31267.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.Email Removed.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1119751357171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1123618101998
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2002092...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Email Removed Attachments Control) - http://by14fd.bay14.Email Removed.msn.com/activex/HMAtchmt.ocx
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab
O16 - DPF: {FF054BED-D972-4215-897E-726C3488DDBB} (sonyctl.sonycm) - http://supportcentral.sel.sony.com/sdccomm...oad/sonyctl.CAB
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\AVG7~1.0\avgupsvc.exe
O23 - Service: Indexing Service (cisvc) - Unknown owner - C:\WINDOWS\System32\cisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - d:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: GBPoll - Symantec Corporation - D:\Program Files\Daemon & Norton Antivirus\Norton Anti-Virus\Norton GoBack\GBPoll.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

2) Ewido Report:

---------------------------------------------------------
 ewido security suite - Scan report
---------------------------------------------------------

 + Created on:         1:21:09 PM, 12/13/2005
 + Report-Checksum:      AE92B759

 + Scan result:

   C:\WINDOWS\system32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.11\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.12\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.13\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\v2.dll -> Spyware.EliteBar : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll -> Adware.Gator : Cleaned with backup
   C:\WINDOWS\kl.exe -> Logger.Small.dg : Cleaned with backup
   C:\WINDOWS\tool2.exe -> Hijacker.Spywad.l : Cleaned with backup
   C:\WINDOWS\hosts -> Trojan.Qhost.el : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-645f4c2c-4de1ca05.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-73ac7130-4225c91e.class -> Trojan.ClassLoader.Dummy.a : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-7fb5dbb4-6e14f0d7.class -> Trojan.Java.ClassLoader.f : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-44eba5ec-365921c3.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\BlackBox.class-15599ffc-4eb9b45b.class -> Trojan.ClassLoader.c : Cleaned with backup
   C:\Documents and Settings\Tony\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-3cfa0102-189040a6.class -> Trojan.Byteverify : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\heur002.dll -> Adware.SpySheriff : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\IESecurity.dll -> Spyware.SpywareNo : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\ProcMon.dll -> Adware.SpySheriff : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\Uninstall.exe -> Adware.SpySheriff : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\20041004012203.zip/WINDOWS/NDNuninstall5_40.exe -> Spyware.NewDotNet : Cleaned with backup
   C:\Program Files\Yahoo!\YPSR\Quarantine\ppq155.tmp\IEagent\CSBIINST.DLL -> Spyware.ClearSearch : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042155.exe -> Downloader.PassAlert.d : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042158.exe/run.exe -> Downloader.PassAlert.d : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042173.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042174.exe -> Downloader.VB.qr : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042175.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042176.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042177.exe -> Trojan.Small : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042178.exe -> Downloader.Small.buh : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042179.exe -> Hijacker.StartPage.agi : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042180.exe -> Downloader.Small.bwr : Cleaned with backup
   C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP322\A0042328.exe -> Hijacker.Spywad.l : Cleaned with backup
   D:\HJT\backups\backup-20050320-223218-231.inf -> Trojan.WinREG.StartPage : Cleaned with backup
   D:\Installed Games\GoldMinerSetup-dm.exe -> Spyware.Trymedia : Cleaned with backup
   D:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP321\A0042143.exe -> Downloader.IstBar.nk : Cleaned with backup


::Report End

3) SmitRem* I deleted some files which are currently in my recycle bin until I get the ok to delete them from you.  They are as follows:




   smitRem © log file
     version 2.8

     by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Tue 12/13/2005
The current time is: 12:19:58.87

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

spyaxe uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

SpySheriff
Install.dat


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~

desktop.html


 ~~~ Drive root ~~~

winstall.exe

 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 [email protected]
Killing PID 608 'explorer.exe'

Starting registry repairs

Deleting files


   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)


4) Panda report


Incident                        Status            Location

Adware:adware/yoursearchengine  Not disinfected   C:\WINDOWS\system32\config\systemprofile\Favorites\ REMOVE SPYWARE.url
Adware:Adware/SAHAgent          Not disinfected   C:\WINDOWS\system32\xmltok.dll
Adware:Adware/SAHAgent          Not disinfected   C:\WINDOWS\inf\bi419.inf
Spyware:Spyware/BetterInet      Not disinfected   C:\WINDOWS\inf\biini.inf
Adware:Adware/Transponder       Not disinfected   C:\WINDOWS\inf\polmx2.inf
Adware:Adware/SAHAgent          Not disinfected   C:\WINDOWS\inf\biH.inf
Adware:Adware/IPInsight         Not disinfected   C:\WINDOWS\inf\conscorr.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.9\HDPlugin1019.inf
Spyware:Spyware/BetterInet      Not disinfected   C:\WINDOWS\Downloaded Program Files\flash.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.10\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.11\HDPlugin1019.inf
Adware:adware/sahagent          Not disinfected   C:\WINDOWS\Downloaded Program Files\sporder_.dll
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.13\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.3\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf
Adware:Adware/IST.ISTBar        Not disinfected   C:\WINDOWS\Downloaded Program Files\istactivex.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.2\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.4\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.5\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.6\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.7\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\CONFLICT.8\HDPlugin1019.inf
Adware:Adware/Gator             Not disinfected   C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf
Spyware:Spyware/BetterInet      Not disinfected   C:\WINDOWS\Downloaded Program Files\turbo.inf
Adware:adware/portalscan        Not disinfected   C:\WINDOWS\mmgsvc.dat
Adware:adware/powerstrip        Not disinfected   C:\WINDOWS\mmgsvce.bin
Adware:Adware/Secure32          Not disinfected   C:\WINDOWS\secure32.html
Virus:Trj/Agent.AYO             Not disinfected   C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
Virus:Trj/Torpig.A              Not disinfected   C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
Adware:Adware/SpySheriff      Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\heur000.dll                                                                                                                                                                                                  
Adware:Adware/SpySheriff      Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\heur001.dll                                                                                                                                                                                                  
Adware:Adware/SpySheriff      Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\heur003.dll                                                                                                                                                                                                  
Adware:Adware/SpySheriff      Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\SpySheriff.exe                                                                                                                                                                                                
Adware:Adware/SAHAgent        Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\20041004012207.zip[bi.inf]                                                                                                                                                                                              
Virus:Trj/Qhost.gen           Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\20041201083223.zip[hosts]                                                                                                                                                                                              
Adware:Adware/IST.ISTBar      Not disinfected               C:\Program Files\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe                                                                                                                                                                                        
Adware:Adware/IST.ISTBar      Not disinfected               C:\My Downloads\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe                                                                                                                                                                                          
Adware:Adware/IST.YourSiteBar Not disinfected               D:\HJT\backups\backup-20050320-223217-159.inf                                                                                                                                                                                                                  
Virus:Trj/Downloader.AEE      Not disinfected               D:\HJT\backups\backup-20050320-223217-375.inf                                                                                                                                                                                                                  
Adware:Adware/WUpd            Not disinfected               D:\HJT\backups\backup-20050320-223217-881.inf                                                                                                                                                                                                                  
Dialer:Dialer.ASV             Not disinfected               D:\HJT\backups\backup-20050321-200149-917.inf

Offline guestolo

Desktop is black! Help please!
« Reply #3 on: December 17, 2005, 04:21:08 AM »
Can you do the following please to ensure we get you clean.

Download Killbox
From one of these locations
http://www.downloads.subratam.org/KillBox.exe
http://www.atribune.org/downloads/KillBox.exe

Start Killbox and place a tick next to
delete on reboot.

Copy this whole list into the Windows clipboard, all the bolded text below
between the dotted lines,
by using the Ctrl + C keys on your keyboard.

==============================
C:\WINDOWS\system32\config\systemprofile\Favorites\ REMOVE SPYWARE.url
C:\WINDOWS\system32\xmltok.dll
C:\WINDOWS\inf\bi419.inf
C:\WINDOWS\inf\biini.inf
C:\WINDOWS\inf\polmx2.inf
C:\WINDOWS\inf\biH.inf
C:\WINDOWS\inf\conscorr.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.9
C:\WINDOWS\Downloaded Program Files\flash.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.10
C:\WINDOWS\Downloaded Program Files\CONFLICT.11
C:\WINDOWS\Downloaded Program Files\sporder_.dll
C:\WINDOWS\Downloaded Program Files\CONFLICT.13
C:\WINDOWS\Downloaded Program Files\CONFLICT.3
C:\WINDOWS\Downloaded Program Files\CONFLICT.1
C:\WINDOWS\Downloaded Program Files\istactivex.inf
C:\WINDOWS\Downloaded Program Files\CONFLICT.2
C:\WINDOWS\Downloaded Program Files\CONFLICT.4
C:\WINDOWS\Downloaded Program Files\CONFLICT.5
C:\WINDOWS\Downloaded Program Files\CONFLICT.6
C:\WINDOWS\Downloaded Program Files\CONFLICT.7
C:\WINDOWS\Downloaded Program Files\CONFLICT.8
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.inf
C:\WINDOWS\Downloaded Program Files\turbo.inf
C:\WINDOWS\mmgsvc.dat
C:\WINDOWS\mmgsvce.bin
C:\WINDOWS\secure32.html
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
C:\Program Files\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe
C:\My Downloads\US Xingtone Ringtone Maker 4.1.xx all Builds crack.exe

==============================

Back in Killbox go to > file > paste from clipboard,
Click the red highlighted X button

Killbox will tell you that all listed files will be deleted on next reboot. Click YES
When it asks if you would like to Reboot now, click YES
If you don't get that message, reboot manually.
Click No at the Pending Operations prompt.

Back in Windows
Open Windows Cleanup
This time click on
OPTIONS>>Standard cleanup
Once standard cleanup is set click the CleanUp! button
Let it finish
Reboot the computer

Please run another scan at Panda's and post a new report
« Last Edit: December 17, 2005, 04:22:02 AM by guestolo »
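The Killbox list in the reply above was derived from the Panda report: the "Not disinfected" entries that sit in live locations go into the delete-on-reboot list, while entries already inside another tool's quarantine store (the Yahoo! YPSR Quarantine folder and the HJT backups folder in the report) are left out, because they are already contained. The script below is an added example, not the thread's own tooling or Killbox's code, showing that triage step in Python: it parses report lines of the three-column shape shown above, splits them into live versus contained paths, records size and SHA-256 of each live file before removal (so the incident record survives the deletion), and, on Windows only, schedules deletion through the same delay-until-reboot mechanism a tool like Killbox relies on (MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT, which lands in PendingFileRenameOperations). The sample report lines are constructed copies of entries from the report above, and the quarantine-folder markers are an assumption taken from this report's layout.

```python
"""Triage a pasted Panda-style scan report into a delete-on-reboot list.

Added example for the thread above; not Killbox's or Panda's own code.
Assumes the report layout seen above: category:family, status, path.
"""
import hashlib
import os
import re
import sys
from typing import Dict, List, NamedTuple

# Constructed sample: lines copied in the shape of the report posted above.
SAMPLE_REPORT = r"""
Adware:Adware/IST.ISTBar      Not disinfected               C:\WINDOWS\Downloaded Program Files\istactivex.inf
Virus:Trj/Torpig.A            Not disinfected               C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00002.dll
Adware:Adware/SpySheriff      Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\ppq35.tmp\SpySheriff.exe
Virus:Trj/Qhost.gen           Not disinfected               C:\Program Files\Yahoo!\YPSR\Quarantine\20041201083223.zip[hosts]
Dialer:Dialer.ASV             Not disinfected               D:\HJT\backups\backup-20050321-200149-917.inf
"""

LINE_RE = re.compile(
    r"^(?P<cat>[A-Za-z]+):(?P<family>\S+)\s+"
    r"(?P<status>Not disinfected|Disinfected)\s+(?P<path>.+?)\s*$"
)

# Folders where another tool already holds the item (assumption based on the
# report above): these do not need a delete-on-reboot entry.
QUARANTINE_MARKERS = ("\\ypsr\\quarantine\\", "\\hjt\\backups\\")


class Detection(NamedTuple):
    category: str
    family: str
    status: str
    path: str


def parse_report(text: str) -> List[Detection]:
    """Return one Detection per line that matches the three-column layout."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Detection(m["cat"], m["family"], m["status"], m["path"]))
    return found


def container_path(path: str) -> str:
    """'archive.zip[member]' refers to a file inside an archive; the file
    system object to act on is the archive itself."""
    return path.split("[", 1)[0] if path.endswith("]") else path


def is_quarantined(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in QUARANTINE_MARKERS)


def removal_list(detections: List[Detection]) -> Dict[str, List[str]]:
    """Split undisinfected detections into live paths and contained paths,
    de-duplicated and in report order."""
    live, contained = [], []
    for d in detections:
        if d.status != "Not disinfected":
            continue
        target = container_path(d.path)
        (contained if is_quarantined(target) else live).append(target)
    return {"live": list(dict.fromkeys(live)),
            "contained": list(dict.fromkeys(contained))}


def fingerprint(data: bytes) -> dict:
    return {"size": len(data), "sha256": hashlib.sha256(data).hexdigest()}


def inventory(paths: List[str]) -> Dict[str, dict]:
    """Record size and hash of each live file before it is removed; files
    that are already gone are noted rather than treated as an error."""
    record = {}
    for p in paths:
        if os.path.isfile(p):
            with open(p, "rb") as fh:
                record[p] = fingerprint(fh.read())
        else:
            record[p] = {"missing": True}
    return record


def schedule_delete_on_reboot(path: str) -> bool:
    """Windows only: ask the session manager to delete the file at next boot.
    Returns False off Windows or when the call fails (needs admin rights)."""
    if sys.platform != "win32":
        return False
    import ctypes
    MOVEFILE_DELAY_UNTIL_REBOOT = 0x4
    return bool(ctypes.windll.kernel32.MoveFileExW(path, None,
                                                   MOVEFILE_DELAY_UNTIL_REBOOT))


if __name__ == "__main__":
    plan = removal_list(parse_report(SAMPLE_REPORT))
    for p, rec in inventory(plan["live"]).items():
        print(p, rec, "scheduled" if schedule_delete_on_reboot(p) else "not scheduled")
    for p in plan["contained"]:
        print("already contained, left alone:", p)
```

Run it on a machine other than the infected one and the live entries simply report as missing, which is the expected result of the test run; on the affected Windows XP box the hash record is what you keep alongside the scan report, since once the reboot happens the files are gone.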
