pest trap



User Name1
2007-01-04, 20:31
Logfile of HijackThis v1.99.1
Scan saved at 12:10:36 PM, on 1/4/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Comcast\Comcast_Devmon.exe
C:\WINDOWS\system32\rpcss.exe
C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
C:\WINDOWS\webshots.scr
c:\ann.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\highjackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dukecityfix.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CPW] C:\Program Files\Comcast\Comcast_Devmon.exe C:\Program Files\Comcast\Comcast Photo Wizard.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\spywarebegone\SpywareBeGone.exe -FastScan
O4 - HKCU\..\Run: [rpcss] C:\WINDOWS\system32\rpcss.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xa.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094944865982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161823114294
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

User Name1
2007-01-04, 20:35
Incident Status Location

Adware:Adware/SpySheriff Not disinfected c:\winstall.exe
Adware:Adware/SpySheriff Not disinfected c:\ann.exe
Potentially unwanted tool:application/mywebsearch Not disinfected c:\windows\system32\f3PSSavr.scr
Potentially unwanted tool:application/funweb Not disinfected c:\windows\downloaded program files\f3initialsetup1.0.0.15.inf
Adware:adware/spysheriff Not disinfected c:\winstall.exe
Adware:adware/statblaster Not disinfected c:\windows\minigolf_affiliate.exe
Adware:adware/dyfuca Not disinfected c:\windows\STWSI
Hacktool:exploit/mhtredir.gen Not disinfected HKEY_LOCAL_MACHINE\Software\Microsoft\Code Store Database\Distribution Units\{10000000-1000-0000-1000-000000000000}
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@112.2o7[1].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@2o7[1].txt
Spyware:Cookie/3 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@3[2].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@64.62.232[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@abetterinternet[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@adopt.hbmediapro[2].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@ads.gorillanation[1].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@adtech[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@as-eu.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@as-us.falkag[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@as1.falkag[1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@atwola[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@azjmp[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@belnk[1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@bravenet[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@bs.serving-sys[1].txt
Spyware:Cookie/Barelylegal Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@c.fsx[1].txt
Spyware:Cookie/C.porngraph Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@c.porngraph[2].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@c2.gostats[2].txt
Spyware:Cookie/Casinotropez Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@casinotropez[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@ccbill[2].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cgi-bin[10].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cgi-bin[15].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cgi-bin[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cgi-bin[4].txt

User Name1
2007-01-04, 20:38
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cgi-bin[9].txt
Spyware:Cookie/Bridgetrack Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@citi.bridgetrack[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@com[2].txt
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@cs.sexcounter[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@ct.360i[2].txt
Spyware:Cookie/Dbbsrv Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@dbbsrv[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@did-it[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@dist.belnk[2].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@domainsponsor[2].txt
Spyware:Cookie/Euniverseads Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@euniverseads[2].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@findwhat[1].txt
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@fortunecity[1].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@gostats[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@go[1].txt
Spyware:Cookie/Humanclick Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@hc2.humanclick[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@hotlog[1].txt
Spyware:Cookie/Hypercount Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@hypercount[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@ig.com[1].txt
Spyware:Cookie/TouchClarity Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@intercasino.touchclarity[1].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@kount[1].txt
Spyware:Cookie/DomainSponsor Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@landing.domainsponsor[1].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@maxserving[2].txt
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@microsofteup.112.2o7[1].txt
Spyware:Cookie/Outster Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@outster[2].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@overture[1].txt
Spyware:Cookie/AspinallsOnlineCasino Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@pacificpoker[2].txt
Spyware:Cookie/PayCounter Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@paycounter[2].txt
Spyware:Cookie/Peel Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@peel[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@perf.overture[1].txt
Spyware:Cookie/WegCash Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@programs.wegcash[1].txt

User Name1
2007-01-04, 20:39
Spyware:Cookie/Qsrch Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@qsrch[2].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@questionmarket[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@revenue[2].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@rightmedia[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@rn11[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@searchportal.information[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@server.iad.liveperson[1].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@serving-sys[2].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@spylog[2].txt
Spyware:Cookie/SpywareStormer Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@spywarestormer[1].txt
Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@stat.onestat[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@target[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@tickle[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@toplist[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@tribalfusion[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@tucows[2].txt
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@versiontracker[1].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@web.tickle[1].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@webpower[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www.burstbeacon[1].txt
Spyware:Cookie/GangbangSquad Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www.gangbangsquad[1].txt
Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www.mp3search[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www.myaffiliateprogram[2].txt
Spyware:Cookie/web-stat Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www.web-stat[1].txt
Spyware:Cookie/Buydomains Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www47.buydomains[1].txt
Spyware:Cookie/Seeq Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@www48.seeq[1].txt
Spyware:Cookie/X10 Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@x10[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Sarah\Cookies\sarah@yadro[1].txt
Hacktool:Exploit/LoadImage Not disinfected C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\8FP3AEV9\n[1].anr
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\QH9BB84W\n[1].exe
Spyware:Cookie/2o7 Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\sarah@2o7[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\sarah@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\sarah@atwola[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\WINDOWS\system32\config\systemprofile\Cookies\sarah@doubleclick[1].txt
Virus:Trj/Firebypass.AR Disinfected C:\WINDOWS\system32\ntoskrnl.dll
Spyware:Spyware/Overpro Not disinfected C:\WINDOWS\WildApp.dll

shelf life
2007-01-05, 02:18
hi User Name1,

read thru this sticky. download what you need and follow along for the fix. step 5 requires a boot into safe mode, so i would copy/paste the rest of the instructions into notepad and save them so you can read them in safe mode.

the sticky:
http://forums.spybot.info/showthread.php?t=4015

User Name1
2007-01-05, 09:49
Until Sygate popped with an exe trying to connect........ann.exe outgoing blocked

Then I got the red button again saying I had a virus.......

Here is the data from the tests.

Logfile of HijackThis v1.99.1
Scan saved at 1:37:16 AM, on 1/5/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\ntsystem.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Comcast\Comcast_Devmon.exe
C:\WINDOWS\system32\rpcss.exe
C:\WINDOWS\System32\wuauclt.exe
C:\highjackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [Desksite CMA] C:\Program Files\desksite\bin\cma.exe
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [CPW] C:\Program Files\Comcast\Comcast_Devmon.exe C:\Program Files\Comcast\Comcast Photo Wizard.exe
O4 - HKCU\..\Run: [Spyware Begone] c:\spywarebegone\SpywareBeGone.exe -FastScan
O4 - HKCU\..\Run: [rpcss] C:\WINDOWS\system32\rpcss.exe
O4 - Startup: V CAST Music Monitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music\V CAST Music Monitor.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xa.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094944865982
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161823114294
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} - http://download.abacast.com/download/files/abasetup144.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
O23 - Service: NICSer_WPC54G - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter\NICServ.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

User Name1
2007-01-05, 09:56
SmitFraudFix v2.132

Scan done at 1:13:43.17, Fri 01/05/2007
Run from C:\Documents and Settings\Sarah\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\winstall.exe Deleted
C:\Documents and Settings\Sarah\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

shelf life
2007-01-06, 02:22
hi User Name1,

ok good. do this:

scan with HJT, put a checkmark beside the items below, close all windows and click fix checked.

O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe

O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbar...p=ZUxdm082YYUS

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xa.exe
------------------------------------------
Download AVG Anti-Spyware (ewido) from the link below and save the file to your desktop:

http://www.ewido.net/en/download/

This is a 30-day trial of the program.

1. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the setup program.
2. Once the setup is complete you will need to run ewido and update the definition files.
3. On the main screen select the icon "Update" then select the "Update now" link.
* Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
4. Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
5. Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
6. Under "Reports"
* Select "Automatically generate report after every scan"
* Un-Select "Only if threats were found"
* Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
* Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
* ewido will now begin the scanning process, be patient, this may take a little time.
Once the scan is complete do the following:
* If you have any infections you will be prompted, then select "Apply all actions"
* Next select the "Reports" icon at the top.
* Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important). Please post the avg log in your next reply. if there are a lot of cookies in the log you can edit them out.

shelf life
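The three HijackThis entries shelf life asks to fix above are each an instance of a pattern that can be pulled out of a log automatically: an O4 Run value launching an executable from System32 that is not a known Windows autorun (ntsystem.exe), an O8 context-menu item that points at a remote toolbar site rather than a local resource, and an O16 Downloaded Program Files entry whose codebase is a local file:// path instead of a web URL. The Python below is an added triage example written for this thread; it is not part of the thread, of HijackThis or of any tool named here. Its rules and the SYSTEM32_EXPECTED allowlist are constructed heuristics for illustration, and the sample lines are copied from the logs posted above. Run on those lines it also flags the C:\winstall.exe Run entry from the first log, which the Panda scan reported as SpySheriff.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKCU\..\Run: [rpcss] C:\WINDOWS\system32\rpcss.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZUxdm082YYUS
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\xa.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094944865982
"""

# Constructed allowlist (assumption, not a Microsoft list): System32 autorun targets
# this reviewer considers expected on the machine. Anything else in System32 is
# reported for manual review, which is how ntsystem.exe and rpcss.exe surface.
SYSTEM32_EXPECTED = {"nvcpl.dll", "ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run\w*: \[([^\]]*)\] (.*)$")
O8_RE = re.compile(r"^O8 - Extra context menu item: (.*) - (\S+)$")
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \(([^)]*)\))? - (.*)$")
# First quoted or unquoted path ending in an executable extension.
EXE_RE = re.compile(r'^(?:"([^"]+)"|(\S.*?\.(?:exe|dll|scr|com|bat|cmd)))(?=[\s,]|$)', re.I)
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\windows\\system32\\([^\\]+)", re.I)


def target_path(command):
    """Pull the executable out of an O4 command line; for rundll32 return the DLL it loads."""
    command = command.strip()
    m = EXE_RE.match(command)
    if not m:
        return None
    path = m.group(1) or m.group(2)
    if path.lower().rsplit("\\", 1)[-1] == "rundll32.exe":
        return target_path(command[m.end():])
    return path


def triage(log_text):
    """Return one finding (rule name plus the offending line) per heuristic hit."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            path = target_path(m.group(3))
            if path is None:
                continue
            # Autorun binaries dropped straight into the drive root (C:\winstall.exe).
            if DRIVE_ROOT_RE.fullmatch(path):
                findings.append({"rule": "drive_root", "entry": line})
            # System32 autoruns that are not on the expected list.
            s = SYSTEM32_RE.fullmatch(path)
            if s and s.group(1).lower() not in SYSTEM32_EXPECTED:
                findings.append({"rule": "system32_unlisted", "entry": line})
            continue
        m = O8_RE.match(line)
        # Context-menu items normally point at local resources; a remote URL means a toolbar.
        if m and urlparse(m.group(2)).scheme.lower() in ("http", "https"):
            findings.append({"rule": "o8_remote_url", "entry": line})
            continue
        m = O16_RE.match(line)
        if m:
            name, codebase = m.group(2), m.group(3)
            scheme = urlparse(codebase).scheme.lower()
            if scheme not in ("http", "https"):
                # ActiveX "download" entries should come from the web, not a local file://.
                findings.append({"rule": "dpf_local_codebase", "entry": line})
            elif not name:
                findings.append({"rule": "dpf_unnamed", "entry": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:20} {f['entry']}")
```

The allowlist approach is deliberate: a denylist of bad filenames would have missed ntsystem.exe and rpcss.exe, which appear in no signature list yet were the entries the helper chose to remove. The rules are meant to shortlist lines for a human, not to decide on their own.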

User Name1
2007-01-06, 16:56
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:45:43 AM 1/6/2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076296.dll -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP113\A0077551.dll -> Adware.MediaTickets : Cleaned with backup (quarantined).
C:\WINDOWS\WildApp.dll -> Adware.MediaTickets : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia -> Adware.MidAddle : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WildMedia\LicenseStores -> Adware.MidAddle : Cleaned with backup (quarantined).
HKU\S-1-5-21-1390067357-1935655697-1343024091-1004\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076300.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076301.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076302.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076303.dll -> Adware.SpyMarshal : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP111\A0076304.exe -> Adware.SpySheriff : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP100\A0068653.exe -> Downloader.Agent.add : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP117\A0079312.exe -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\WINDOWS\system32\__delete_on_reboot__r_p_c_s_s_._e_x_e_ -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\Documents and Settings\Sarah\Local Settings\Temporary Internet Files\Content.IE5\GNSR2FCZ\n[1].anr -> Downloader.Ani.c : Cleaned with backup (quarantined).
C:\Program Files\Internet Explorer\xa.exe -> Downloader.WinShow.r : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068772.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068778.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068792.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068800.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068807.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068814.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068821.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068827.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068834.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068840.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068847.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068860.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068866.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068873.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068879.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068885.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068891.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068897.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068904.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068910.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068916.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068923.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068929.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068935.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068941.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0068948.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069948.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069953.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069960.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069974.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069983.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069993.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0069999.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070006.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070013.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070026.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070032.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070038.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070046.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070060.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070067.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070080.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070088.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070094.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070100.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070106.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070112.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070126.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070139.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070149.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070155.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070169.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP101\A0070175.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071175.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071188.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071194.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071207.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071213.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071219.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071225.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071232.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071238.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071252.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{884DB34E-FA55-4107-BC0A-E83A6C4EDE75}\RP102\A0071258.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
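The report lines above all follow AVG Anti-Spyware's "path -> detection : action" layout, and nearly every hit sits under a System Restore point (RP101, RP102). As an added example, not code from the thread or from AVG, here is a small Python parser for that line format: it counts detections per name and per restore point and lists anything the scanner did not clean. The sample lines, the zeroed restore-point GUID and the non-Zlob detection names inside it are constructed placeholders.

```python
import re
from collections import Counter

# Constructed sample in the "<path> -> <detection> : <action>" report format
# used in the log posted above. The restore-point GUID, the DLL, the cookie and
# the "Adware.Example" name are placeholders, not values from the thread.
SAMPLE_LOG = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP101\A0070006.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP102\A0071175.exe -> Downloader.Zlob.bd : Cleaned with backup (quarantined).
C:\WINDOWS\System32\example.dll -> Adware.Example : Ignored.
C:\Documents and Settings\user\Cookies\user@example[1].txt -> TrackingCookie.Example : Cleaned.
"""

# One report line: path, detection name, action taken (trailing period optional).
LINE_RE = re.compile(r"^(?P<path>.+?) -> (?P<detection>[^:]+?) : (?P<action>.+?)\.?$")
# Files inside a System Restore point live under _restore{GUID}\RPnnn\.
RP_RE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.IGNORECASE
)


def parse_line(line):
    """Return a dict for one report line, or None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    rp = RP_RE.search(entry["path"])
    entry["restore_point"] = rp.group(1) if rp else None
    # Tracking cookies are noise for this purpose; the thread suggests editing them out.
    entry["is_cookie"] = entry["detection"].startswith("TrackingCookie.")
    return entry


def summarize(report_text):
    """Aggregate a report into the facts a helper checks first."""
    entries = [e for e in map(parse_line, report_text.splitlines()) if e]
    malware = [e for e in entries if not e["is_cookie"]]
    return {
        "total": len(entries),
        "cookies_skipped": len(entries) - len(malware),
        "by_detection": Counter(e["detection"] for e in malware),
        "by_restore_point": Counter(e["restore_point"] for e in malware if e["restore_point"]),
        # Anything whose action does not start with "Cleaned" still needs attention.
        "not_cleaned": [e["path"] for e in malware if not e["action"].lower().startswith("cleaned")],
        "restore_points_infected": any(e["restore_point"] for e in malware),
    }


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for name, n in s["by_detection"].most_common():
        print(f"{n:4d}  {name}")
    if s["restore_points_infected"]:
        print("Infected copies inside System Restore points:", dict(s["by_restore_point"]))
    for path in s["not_cleaned"]:
        print("Not cleaned:", path)
```

When `restore_points_infected` comes back true, the usual follow-up once the machine is clean is to purge the old restore points (turn System Restore off and back on) and create a fresh one, so the quarantined copies cannot be brought back by a later restore.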

User Name1
2007-01-06, 17:01
Shelf Life,

Thank you for your help.

That was a lot of work that I am not used to. I guess I can just leave all the downloaded programs where they are.

Should I buy AVG? Seems like an excellent product.

I have been using Sygate for years now but have not been able to update it. I neglect updates because they just don't seem to take for me.

I'm thinking I need to pay attention to my firewall and my anti-virus program... I don't have an anti-virus program that I know of.

Any advice from you will be heeded... thanks again.

shelf life
2007-01-07, 03:01
Hi User Name1,

Good, thanks for the info.

You need to get antivirus. AVG also puts out a free antivirus.
Download, install, update and do a scan please, since you have been without one.

http://free.grisoft.com/freeweb.php/doc/2/
-------------------------------------
AVG Anti-Spyware is good. The only difference between the free and paid versions is that in the free version, the real-time protection (or guard, as it's called) becomes inactive after 30 days. It wouldn't be a bad investment.


Sygate was purchased by Symantec (Norton) a few years ago.
It's still a good firewall; you can still download the last Sygate version.
If you want a firewall that can be updated, go with the free version of ZoneAlarm.
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?dc=12bms&ctry=US&lang=en
-----------------------------
Do a system scan with AVG antivirus after downloading and installing.
Please rescan with AVG Anti-Spyware and post the log (you can edit the cookies out).
Also rescan and post a new HJT log.

shelf life

tashi
2007-01-11, 23:17
How is it going, User Name1? :)

tashi
2007-01-15, 08:27
This topic is closed due to lack of a response.

If you need it re-opened please send me a private message (pm) and provide a link to the thread. Applies only to the original topic starter.