Computer has MANY trojans and viruses.

HI.
NOTE that this is not for my computer but for a friends computer, which is infected badly.

I WILL
post up a HjT log.
A ewido anti-spyware log and a Ad-aware SE personel log.

But first of all I have this problem screen shot below, look at the little speech bubble please.


This thing is not real and me nor my mate knows how to get rid of the stupid thing, the following posts after this will have an anti spyware report from ad aware ewido and HjT

 

HijackThisLog

Logfile of HijackThis v1.99.1
Scan saved at 15:37:42, on 14/10/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MMediaCodec\isamonitor.exe
C:\Program Files\MMediaCodec\pmsngr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\MMediaCodec\pmmon.exe
C:\Program Files\MMediaCodec\isamini.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Symantec Shared\SymSetup\{A93C9E60-29B6-49da-BA21-F70AC6AADE20}.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HjT\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\MSInfo\msinfo32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.savewealth.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.savewealth.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.savewealth.com/support/ie6/complete/
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: (no name) - {d869742a-e5d2-4624-96c7-aae26170665e} - C:\Program Files\MMediaCodec\isaddon.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [TD9i] C:\WINDOWS\gavwxm.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [AppMasterCenter] Serviceprocess.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [34763] Bogobot.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Workflow] E:\Workflow.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1139599680\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ares] "C:\Documents and Settings\Abdul Motlib\Desktop\Ares\Ares.exe" -h
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.savewealth.com
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aolsvc.aol.co.uk/computercheckup/qdiagcc.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - C:\WINDOWS\System32\dpfwu.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SPBBCSvc - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

AVG anti-spyware Report [was kewido anti-spyware]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 16:21:48 14/10/2006

+ Scan result:



HKLM\SOFTWARE\Classes\CLSID\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Security Add-On -> Adware.Generic : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Explorer Security Plugin 2006 -> Adware.IntCodec : Cleaned.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Public Messenger ver 2.03 -> Adware.IntCodec : Cleaned.
HKU\S-1-5-21-1606980848-484763869-1957994488-1006\Software\Internet Security -> Adware.IntCodec : Cleaned.
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@122.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@aoluk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@cneteurope.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@microsoftwlmessengermkt.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@msnaccountservices.112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@paypal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@snagajob.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@media.adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@adtech[1].txt -> TrackingCookie.Adtech : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.38:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.20:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@articles.techrepublic.com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@com[1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.46:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.39:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@vad.mainentrypoint[1].txt -> TrackingCookie.Mainentrypoint : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@data3.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@data4.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@revenue[2].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@spylog[2].txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.18:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.19:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.40:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.41:C:\Documents and Settings\Abdul Motlib\Application Data\Mozilla\Firefox\Profiles\mruky2m1.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@reduxads.valuead[1].txt -> TrackingCookie.Valuead : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned.
C:\Documents and Settings\Abdul Motlib\Cookies\abdul motlib@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned.


::Report end

 

Download SmitfraudFix: http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Boot into safe mode, follow these instructions on how to use smitfraudfix: http://siri.geekstogo.com/SmitfraudFix.php

After you are done, post the log of smitfraudfix, usually located: C:\rapport.txt

Post another hijack this log...