  #1  
Old 08-04-2007, 11:56 AM
SixthSatan SixthSatan is offline
Junior Member
 
Join Date: Aug 2007
Posts: 2
Annoying Spyware won't go away >)>

Logfile of HijackThis v1.99.1
Scan saved at 2:57:09 AM, on 8/4/07
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHSERV.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOW***PLORER.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
C:\PROGRAM FILES\MSN MESSENGER\MSNMSGR.EXE
C:\PROGRAM FILES\SPYBOT - SEARCH & DESTROY\TEATIMER.EXE
C:\PROGRAM FILES\WINZIP\WZQKPICK.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
D:\PROGRAM FILES\FIREFOX.EXE
C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [IrMon] IrMon.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSBAR.DLL,S
O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB918547] C:\WINDOWS\SYSTEM\KB918547\KB918547.EXE
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Search - ?p=ZNxpt042YYCA
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRAM FILES\JAVA\JRE1.5.0_06\BIN\SSV.DLL
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by120fd.bay120.hotmail.msn.co...s/MsnPUpld.cab

There are also two more instances of spyware that Spybot finds but can't delete, but I don't know if they appear in my log. Also, doesn't my log seem a bit short? Please help, this computer was ridden with viruses and spyware, I just got it from a friend of mine and he never scanned anything. I'd like to get it squeaky clean please, all the help is appreciated.
  #2  
Old 08-04-2007, 07:34 PM
Pancake Pancake is offline
Administrator
 
Join Date: Sep 2004
Location: Victoria,Australia
Posts: 371
Hi..

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
__________________
An Australian Member of
Eddy
===============================
  #3  
Old 08-05-2007, 03:14 PM
SixthSatan SixthSatan is offline
Junior Member
 
Join Date: Aug 2007
Posts: 2
Hi, thank you.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/05/2007 at 04:29 AM

Application Version : 3.9.1008

Core Rules Database Version : 3279
Trace Rules Database Version: 1290

Scan type : Complete Scan
Total Scan Time : 02:12:51

Memory items scanned : 142
Memory threats detected : 0
Registry items scanned : 1666
Registry threats detected : 0
File items scanned : 6760
File threats detected : 54

Adware.Tracking Cookie
C:\WINDOWS\Cookies\your name goes here@www.ppctracking[1].txt
C:\WINDOWS\Cookies\your name goes here@coreg.smileymedia[2].txt
C:\WINDOWS\Cookies\your name goes here@i.screensavers[2].txt
C:\WINDOWS\Cookies\your name goes here@msnaccountservices.112.2o7[1].txt
C:\WINDOWS\Cookies\your name goes here@cgi-bin[3].txt
C:\WINDOWS\Cookies\your name goes here@2o7[1].txt
C:\WINDOWS\Cookies\your name goes here@revenue[2].txt
C:\WINDOWS\Cookies\your name goes here@www.windowsmedia[2].txt
C:\WINDOWS\Cookies\your name goes here@ads.realtechnetwork[1].txt
C:\WINDOWS\Cookies\your name goes here@mywebsearch[1].txt
C:\WINDOWS\Cookies\your name goes here@azjmp[2].txt
C:\WINDOWS\Cookies\your name goes here@adopt.euroclick[1].txt
C:\WINDOWS\Cookies\your name goes here@clicktorrent[2].txt
C:\WINDOWS\Cookies\your name goes here@adopt.specificclick[1].txt
C:\WINDOWS\Cookies\your name goes here@microsofteup.112.2o7[1].txt
C:\WINDOWS\Cookies\your name goes here@www.screensavers[1].txt
C:\WINDOWS\Cookies\your name goes here@1070767430[1].txt
C:\WINDOWS\Cookies\your name goes here@serving-sys[2].txt
C:\WINDOWS\Cookies\your name goes here@www.burstnet[1].txt
C:\WINDOWS\Cookies\your name goes here@reduxads.valuead[2].txt
C:\WINDOWS\Cookies\your name goes here@mb[2].txt
C:\WINDOWS\Cookies\your name goes here@coolsavings[1].txt
C:\WINDOWS\Cookies\your name goes here@ads.monster[1].txt
C:\WINDOWS\Cookies\your name goes here@qnsr[1].txt
C:\WINDOWS\Cookies\your name goes here@workopolis.122.2o7[1].txt
C:\WINDOWS\Cookies\your name goes here@trafficmp[3].txt
C:\WINDOWS\Cookies\your name goes here@ads.addynamix[3].txt
C:\WINDOWS\Cookies\your name goes here@findwhat[1].txt
C:\WINDOWS\Cookies\your name goes here@ads.pointroll[2].txt
C:\WINDOWS\Cookies\your name goes here@atdmt[3].txt
C:\WINDOWS\Cookies\your name goes here@roiservice[1].txt
C:\WINDOWS\Cookies\your name goes here@realmedia[1].txt
C:\WINDOWS\Cookies\your name goes here@247realmedia[2].txt
C:\WINDOWS\Cookies\your name goes here@ads.hi5[1].txt
C:\WINDOWS\Cookies\your name goes here@msnportal.112.2o7[1].txt
C:\WINDOWS\Cookies\your name goes here@maxserving[2].txt
C:\WINDOWS\Cookies\your name goes here@leads.specificmedia[2].txt
C:\WINDOWS\Cookies\your name goes here@smileycentral[2].txt
C:\WINDOWS\Cookies\your name goes here@adopt.hbmediapro[2].txt
C:\WINDOWS\Cookies\your name goes here@data2.perf.overture[1].txt
C:\WINDOWS\Cookies\your name goes here@pmads.valuead[2].txt
C:\WINDOWS\Cookies\your name goes here@tribalfusion[3].txt
C:\WINDOWS\Cookies\your name goes here@adcentriconline[2].txt
C:\WINDOWS\Cookies\your name goes here@h.starware[1].txt
C:\WINDOWS\Cookies\your name goes here@webpower[1].txt
C:\WINDOWS\Cookies\your name goes here@ads.uproar[1].txt
C:\WINDOWS\Cookies\your name goes here@xml.bravenetmedianetwork[2].txt
C:\WINDOWS\Cookies\your name goes here@ad[2].txt
C:\WINDOWS\Cookies\your name goes here@perf.overture[1].txt
C:\WINDOWS\Cookies\your name goes here@adsrevenue[1].txt
C:\WINDOWS\Cookies\your name goes here@publishers.clickbooth[2].txt
C:\WINDOWS\Cookies\your name goes here@adbrite[2].txt
C:\WINDOWS\Cookies\your name goes here@try.starware[1].txt

Trojan.Media-Codec
C:\PROGRAM FILES\INTCODEC\UNINST.EXE

There is still more I know about. Housecall tells me there is a BKDR_DELF.DUW in my C:/Program Files/MSN Messenger/Riched20.dll, nothing has been able to clean it and it won't let me delete it manually. Spybot finds Vcodec.Intcodec but tells me the file is being used in memory so it can't delete it.

Also, on startup, rundll keeps trying to start something called MyWebSearch, but it has been deleted by Spybot so I keep getting an error about path name not found (I have no idea how to stop or even see my auto-runs)

There are also some funny things happening over in Add/Remove, like things being there that are apparently already uninstalled, something called Zuma.. and I had a heck of a time uninstalling MSN.. It kept trying to install itself until finally one time when I X'd out of install, uninstall came up. (For the record, it was already installed when it tried to install itself again)

What's happenin here?
  #4  
Old 08-05-2007, 06:26 PM
Pancake Pancake is offline
Administrator
 
Join Date: Sep 2004
Location: Victoria,Australia
Posts: 371
C:\Program Files\GameHouse << --remove this folder if present


Please download the OTMoveIt by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):



    C:\PROGRAM FILES\INTCODEC\UNINST.EXE


  • Return to OTMoveIt, right click on the "Paste List of Files/Folders to be moved" window and choose Paste.
  • Click the red Moveit! button.
  • Close OTMoveIt
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Run HJT and remove this entry....
O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\BAR\2.BIN\MWSBAR.DLL,S


It is very important to keep Sun Java up to date to help avoid exploitation by malware.
The current version is Java Runtime Environment (JRE) 6.0
Download the latest version of Java Runtime Environment (JRE) 6.0.
Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
Proceed with reinstalling Java. Reboot.
__________________
An Australian Member of
Eddy
===============================
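
The start-up error described in post #3 and the entry removal in post #4 both concern an autorun (O4) line whose target file has already been deleted. As an added example (not part of the thread and not HijackThis code), this Python script parses O4 lines from a HijackThis-style log and lists the ones whose target appears in a list of already-removed files; the sample log, paths and function names are constructed for illustration.

```python
import re

# Constructed sample in HijackThis 1.99.1 log syntax (not copied from the thread).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\Example\helper.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Example Bar] rundll32 C:\PROGRA~1\EXAMPLE\BAR.DLL,S
O4 - HKCU\..\Run: [Example IM] "C:\Program Files\Example IM\im.exe" /background
O4 - Startup: Example.lnk = C:\Program Files\Example\quick.exe
"""

# Registry autoruns: "O4 - HKLM\..\Run: [name] command"
O4_REG = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[(.+?)\] (.+)$")
# Startup-folder autoruns: "O4 - Startup: shortcut.lnk = target"
O4_DIR = re.compile(r"^O4 - ((?:Global )?Startup): (.+?) = (.+)$")

def parse_autoruns(log_text):
    """Return one dict per O4 line: where it is registered, its name, its command."""
    entries = []
    for line in log_text.splitlines():
        line = line.strip()
        m = O4_REG.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            entries.append({"where": f"{hive}\\..\\{key}", "name": name, "command": cmd})
            continue
        m = O4_DIR.match(line)
        if m:
            folder, name, cmd = m.groups()
            entries.append({"where": folder, "name": name, "command": cmd})
    return entries

def target_path(command):
    """Best-effort path of the file an autorun loads (only '/' switches are stripped)."""
    cmd = command.strip()
    if cmd.lower().startswith("rundll32"):
        parts = cmd.split(None, 1)           # drop "rundll32" / "Rundll32.exe"
        rest = parts[1] if len(parts) > 1 else ""
        return rest.split(",")[0].strip('"')  # "file.dll,Export" -> "file.dll"
    if cmd.startswith('"'):
        return cmd[1:].split('"')[0]
    return cmd.split(" /")[0]

def orphaned(entries, removed_paths):
    """Autoruns whose target was already deleted, so they only raise an error at boot."""
    gone = {p.lower() for p in removed_paths}
    return [e for e in entries if target_path(e["command"]).lower() in gone]
```

Feeding `orphaned()` the paths a scanner reports as removed gives the list of leftover start-up entries to fix in HijackThis.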