
Command Service, MediaPlex, TargetNet, etc.



Envyd
2006-09-20, 22:54
Recently, I've been receiving numerous pop-up ads upon opening Internet Explorer (such as firstadsolution, drivecleaner, and winantivirus). I've run SpyBot several times, removing most of the unwanted objects, but Command Service always seems to stay. I have followed all of the preliminary steps, so here are my results:

Logfile of HijackThis v1.99.1
Scan saved at 4:37:18 PM, on 9/20/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\WINDOWS\bmqegxsA.exe
C:\WINDOWS\sys012006216619-.exe
C:\WINDOWS\cfceaomA.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\win32109-200621661.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\ms046216619-200.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsg62.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {F3F895A5-5233-0CE8-1402-2CF00BB93A94} - C:\WINDOWS\System32\hreypdz.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [bmqegxsA] C:\WINDOWS\bmqegxsA.exe
O4 - HKLM\..\Run: [sys012006216619-] C:\WINDOWS\sys012006216619-.exe
O4 - HKLM\..\Run: [cfceaomA] C:\WINDOWS\cfceaomA.exe
O4 - HKLM\..\Run: [tuva4707] RUNDLL32.EXE w04d457e.dll,n 004a47030000000304d457e
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [sys0306216619-20] C:\WINDOWS\sys0306216619-20.exe
O4 - HKLM\..\Run: [{B9-90-05-55-ZN}] c:\windows\system32\okdsregq.exe ELT001
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [win32109-200621661] C:\WINDOWS\win32109-200621661.exe
O4 - HKLM\..\Run: [ms0616619-20062] C:\WINDOWS\ms0616619-20062.exe
O4 - HKLM\..\Run: [sys02006216619-2] C:\WINDOWS\sys02006216619-2.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms046216619-200] C:\WINDOWS\ms046216619-200.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.1.720.5674\GoogleToolbarNotifier.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Thanks in advance!!

Envyd
2006-09-21, 02:14
Online ActiveScan: Almost forgot.

Incident Status Location

Adware:Adware/DigInk Not disinfected c:\windows\duce6.exe
Adware:Adware/DigInk Not disinfected c:\windows\sys02006216619-2.exe
Adware:Adware/DigInk Not disinfected c:\windows\win32109-200621661.exe
Adware:Adware/DigInk Not disinfected c:\windows\sys012006216619-.exe
Adware:Adware/TopMoxie Not disinfected C:\program files\popupwithcast\Cast.dll
Adware:adware/mediatickets Not disinfected C:\WINDOWS\System32\oins.exe
Potentially unwanted tool:application/winfixer2005 Not disinfected c:\windows\downloaded program files\USDR6_0001_D08M0404NetInstaller.exe
Adware:adware/popper Not disinfected c:\windows\offun.exe
Adware:adware/commad Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Spyware:spyware/media-motor Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/webhancer Not disinfected Windows Registry
Adware:adware/adrotator Not disinfected Windows Registry
Adware:adware/searchexe Not disinfected Windows Registry
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\LocalService\Cookies\system@c.goclick[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\NetworkService\Cookies\system@ad.yieldmanager[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@ad.yieldmanager[2].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@adrevolver[1].txt
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@adrevolver[2].txt
Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@ads.addynamix[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@ads.pointroll[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@adultfriendfinder[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@apmebf[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@as-eu.falkag[1].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@as-us.falkag[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@atdmt[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@azjmp[2].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@bluestreak[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@c.goclick[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@doubleclick[1].txt
Spyware:Cookie/Entrepreneur Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@entrepreneur[1].txt
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@findwhat[1].txt
Spyware:Cookie/Linksynergy Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@linksynergy[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@mediaplex[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@perf.overture[1].txt

Envyd
2006-09-21, 02:14
[Cont.]

Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@qksrv[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@realmedia[1].txt
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@revenue[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@statcounter[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@stats1.reliablestats[2].txt
Spyware:Cookie/Mammamediasolutions Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@targetnet[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@trafficmp[2].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@tribalfusion[1].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@www.myaffiliateprogram[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Cookies\user@zedo[2].txt
Spyware:Spyware/7r7t Not disinfected C:\Program Files\Batty2\Uninstall.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\fumm\fumma.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\fumm\fumml.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\fumm\fummm.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\fumm\fummp.exe
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\misc002\141.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{886B9055-0A6A-1033-0805-040203200001}\Update.exe
Spyware:Spyware/7r7t Not disinfected C:\Program Files\PSCloner\Uninstall.exe
Spyware:Spyware/7r7t Not disinfected C:\Program Files\PSLister\upd.exe
Adware:Adware/PurityScan Not disinfected C:\Program Files\?dobe\javaw.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cfg32.exe
Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\cfg32a.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Qg\k0.vbs
Adware:Adware/DigInk Not disinfected C:\WINDOWS\sys02006216619-22006.exe
Adware:Adware/QoolAid Not disinfected C:\WINDOWS\system32\dmonwv.dll_tobedeleted
Adware:Adware/PurityScan Not disinfected C:\WINDOWS\system32\?ymbols\n?pdb.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\?ymbols\wuaclt.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\uninst104.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\win320919-200621662006.exe


LonnyRJones
2006-09-25, 19:22
Welcome

Download Pocket Killbox to the desktop (version 2.0.0.648)
http://www.downloads.subratam.org/KillBox.exe
If you already have Killbox, ensure it is the latest version.
Start Killbox, place a tick next to [x] Delete on reboot, and press the ALL Files button.
Copy this whole list into the Windows clipboard, all the bolded below.

C:\WINDOWS\System32\nsg62.dll
C:\WINDOWS\System32\hreypdz.dll
C:\Program Files\webHancer\Programs\whSurvey.exe
C:\program files\popupwithcast\septpop06apsept.exe
C:\WINDOWS\bmqegxsA.exe
C:\WINDOWS\sys012006216619-.exe
C:\WINDOWS\cfceaomA.exe
C:\topaff.exe
C:\WINDOWS\thiselt.exe
C:\WINDOWS\sys0306216619-20.exe
c:\windows\system32\okdsregq.exe
C:\WINDOWS\xload.exe
C:\WINDOWS\win32109-200621661.exe
C:\WINDOWS\ms0616619-20062.exe
C:\WINDOWS\sys02006216619-2.exe
C:\WINDOWS\Duce6.exe
C:\WINDOWS\ms046216619-200.exe

Back in Killbox, go to File > Paste from Clipboard.
Click the red highlighted X button and say yes to the prompt to restart the PC.

After the PC is restarted,
please download, install, update and do a full scan with Ewido anti-spyware (http://www.ewido.net/en/download/).
Let it take recommended actions for anything it finds.

Post a ComboFix log
1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
If the log is large, you might need to post half in one reply, half in another.

Envyd
2006-09-26, 20:57
Step 1: KillBox - Complete
Step 2: Ewido - Complete
Step 3: Combofix - Results below!

ComboFix 06.09.25 - Running from: "C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1\n?pdb.exe
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1\wuaclt.exe
C:\QooBox\Purity\WINDOWS\system32\YMBOLS~1\YMBOLS~1


((((((((((((((((((((((((((((((( Files Created from 2006-08-26 to 2006-09-26 ))))))))))))))))))))))))))))))))))


2006-09-24 02:25 163,840 --a------ C:\WINDOWS\ms0306216619-20.exe
2006-09-23 02:30 163,840 --a------ C:\WINDOWS\win320919-20062166.exe
2006-09-23 02:30 163,840 --a------ C:\WINDOWS\ms076619-2006212006.exe
2006-09-19 20:23 163,840 --a------ C:\WINDOWS\sys02006216619-22006.exe
2006-09-19 16:44 89,088 --a------ C:\WINDOWS\system32\atl71.dll
2006-09-19 16:37 929 --a------ C:\WINDOWS\system32\winpfg32.sys
2006-09-19 16:35 2 --a------ C:\WINDOWS\system32\wintsvtr.exe
2006-09-16 14:54 997,888 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-09-16 14:54 981,504 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-09-16 14:54 892,416 --a------ C:\WINDOWS\system32\wmspdmoe.dll
2006-09-16 14:54 82,432 --a------ C:\WINDOWS\system32\drmstor.dll
2006-09-16 14:54 816,264 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-09-16 14:54 81,408 --a------ C:\WINDOWS\system32\logagent.exe
2006-09-16 14:54 760,968 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-09-16 14:54 678,912 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-09-16 14:54 670,208 --a------ C:\WINDOWS\system32\wmadmoe.dll
2006-09-16 14:54 6,656 --a------ C:\WINDOWS\system32\laprxy.dll
2006-09-16 14:54 486,536 --a------ C:\WINDOWS\system32\wmspdmod.dll
2006-09-16 14:54 410,248 --a------ C:\WINDOWS\system32\wmadmod.dll
2006-09-16 14:54 384,512 --a------ C:\WINDOWS\system32\mp4sdmod.dll
2006-09-16 14:54 316,040 --a------ C:\WINDOWS\system32\mp43dmod.dll
2006-09-16 14:54 301,712 --a------ C:\WINDOWS\system32\drmclien.dll
2006-09-16 14:54 253,952 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-09-16 14:54 241,664 --a------ C:\WINDOWS\system32\qasf.dll
2006-09-16 14:54 241,664 --a------ C:\WINDOWS\system32\mpg4dmod.dll
2006-09-16 14:54 232,960 --a------ C:\WINDOWS\system32\blackbox.dll
2006-09-16 14:54 143,360 --a------ C:\WINDOWS\system32\wmidx.dll
2006-09-16 14:54 1,111,040 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-09-07 17:34 348,160 --a------ C:\WINDOWS\system32\msvcr71.dll
2006-09-06 18:05 4,096 --a------ C:\WINDOWS\system32\ksuser.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-26 11:17 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-25 16:38 -------- d-------- C:\Program Files\PSCloner
2006-09-25 16:19 -------- d-------- C:\Program Files\Common Files
2006-09-25 16:01 -------- d--h----- C:\Program Files\WindowsUpdate
2006-09-25 16:01 -------- d-------- C:\Program Files\ądobe
2006-09-25 16:01 -------- d-------- C:\Program Files\Internet Explorer
2006-09-25 16:01 -------- d-------- C:\Program Files\Common Files\fumm
2006-09-25 15:47 -------- d-------- C:\Program Files\popupwithcast
2006-09-23 02:30 -------- d-------- C:\Program Files\Windows Media Player
2006-09-23 02:30 -------- d-------- C:\Program Files\Messenger
2006-09-21 20:23 -------- d---s---- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Microsoft
2006-09-21 20:17 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Apple Computer
2006-09-20 23:48 -------- d-------- C:\Program Files\Google
2006-09-20 20:18 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Aim
2006-09-20 19:03 -------- d-------- C:\Program Files\MySpace
2006-09-20 19:03 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\MySpace
2006-09-20 16:12 -------- d-------- C:\Program Files\MSN Messenger
2006-09-20 16:12 -------- d-------- C:\Program Files\iTunes
2006-09-20 16:08 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\LimeWire
2006-09-20 15:24 -------- d-------- C:\Program Files\LimeWire
2006-09-19 22:47 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Google
2006-09-19 22:19 -------- d-------- C:\Program Files\Common Files\Adobe
2006-09-19 22:19 -------- d-------- C:\Program Files\Adobe
2006-09-19 22:16 -------- d-------- C:\Program Files\IrfanView
2006-09-19 20:35 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Macromedia
2006-09-19 20:23 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Identities
2006-09-19 20:22 -------- d-------- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\Lavasoft
2006-09-19 20:10 -------- d-------- C:\Program Files\MSN
2006-09-19 16:40 32135 ---hs---- C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
2006-09-16 14:54 -------- d-------- C:\Program Files\Common Files\Vbox
2006-09-13 19:28 -------- d-------- C:\Program Files\iPod
2006-09-13 19:23 -------- d-------- C:\Program Files\QuickTime
2006-09-10 13:42 -------- d-------- C:\Program Files\WinRAR
2006-09-08 15:15 -------- d-------- C:\Program Files\Windows Live Toolbar
2006-09-08 14:00 -------- d-------- C:\Program Files\Yahoo!
2006-09-07 17:47 -------- d-------- C:\Program Files\Java
2006-09-07 17:46 -------- d-------- C:\Program Files\Common Files\Java
2006-09-07 17:35 -------- d-------- C:\Program Files\AIM
2006-09-07 17:34 -------- d-------- C:\Program Files\AOD
2006-09-07 17:27 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-09-07 16:40 -------- d-------- C:\Program Files\support.com
2006-08-31 11:50 157184 ---hs---- C:\Program Files\Common Files\Yazzle1281OinAdmin.exe
2006-08-20 14:24 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-20 14:24 -------- d-------- C:\Program Files\Common Files\InstallShield
2006-08-19 20:27 -------- d-------- C:\Program Files\Zone Labs
2006-08-19 18:22 -------- d--h----- C:\Program Files\Uninstall Information
2006-08-19 18:18 0 -rahs---- C:\MSDOS.SYS
2006-08-19 18:18 0 -rahs---- C:\IO.SYS
2006-08-19 18:18 0 --a------ C:\CONFIG.SYS
2006-08-19 18:18 0 --a------ C:\AUTOEXEC.BAT
2006-08-19 18:18 -------- d-------- C:\Program Files\xerox
2006-08-19 18:18 -------- d-------- C:\Program Files\microsoft frontpage
2006-08-19 18:17 -------- d-------- C:\Program Files\Online Services
2006-08-19 18:16 -------- d-------- C:\Program Files\Outlook Express
2006-08-19 18:16 -------- d-------- C:\Program Files\NetMeeting
2006-08-19 18:16 -------- d-------- C:\Program Files\Movie Maker
2006-08-19 18:16 -------- d-------- C:\Program Files\Common Files\System
2006-08-19 18:16 -------- d-------- C:\Program Files\Common Files\Services
2006-08-19 18:16 -------- d-------- C:\Program Files\Common Files\MSSoap
2006-08-19 18:15 -------- d-------- C:\Program Files\ComPlus Applications
2006-08-19 18:14 -------- d-------- C:\Program Files\Windows NT
2006-08-19 18:14 -------- d-------- C:\Program Files\MSN Gaming Zone
2006-08-19 11:08 62 --ahs---- C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Application Data\desktop.ini
2006-08-19 11:08 -------- d-------- C:\Program Files\Common Files\SpeechEngines
2006-08-19 11:08 -------- d-------- C:\Program Files\Common Files\ODBC
2006-07-29 22:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-14 14:51 108144 --a------ C:\WINDOWS\system32\GEARAspi.dll

..

Envyd
2006-09-26, 20:59
..

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"septpop06apsept"="C:\\program files\\popupwithcast\\septpop06apsept.exe"
"bmqegxsA"="C:\\WINDOWS\\bmqegxsA.exe"
"cfceaomA"="C:\\WINDOWS\\cfceaomA.exe"
"tuva4707"="RUNDLL32.EXE w04d457e.dll,n 004a47030000000304d457e"
"loaddr"="C:\\topaff.exe"
"{B9-90-05-55-ZN}"="c:\\windows\\system32\\okdsregq.exe ELT001"
"xload"="\"C:\\WINDOWS\\xload.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"win320919-20062166"="C:\\WINDOWS\\win320919-20062166.exe"
"sys012006216619-"="C:\\WINDOWS\\sys012006216619-.exe"
"ms0306216619-20"="C:\\WINDOWS\\ms0306216619-20.exe"
"!ewido"="\"C:\\Program Files\\ewido anti-spyware 4.0\\ewido.exe\" /minimized"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,e2,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,12,03,00,00,23,00,00,00,dc,00,00,00,d2,00,\
00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll


Completion time: Tue 09/26/2006 14:49:48.09
ComboFix.txt
ComboFix2.txt
________________________

LonnyRJones
2006-09-26, 21:41
Thanks

Start HijackThis and place a check next to these items, if there.
O2 - BHO: SSL encrypt - {746455FE-D059-47e7-AF0E-140E03F5A447} - C:\WINDOWS\System32\nsg62.dll
O2 - BHO: (no name) - {F3F895A5-5233-0CE8-1402-2CF00BB93A94} - C:\WINDOWS\System32\hreypdz.dll
O4 - HKLM\..\Run: [webHancer Survey Companion] "C:\Program Files\webHancer\Programs\whSurvey.exe"
O4 - HKLM\..\Run: [septpop06apsept] C:\program files\popupwithcast\septpop06apsept.exe
O4 - HKLM\..\Run: [bmqegxsA] C:\WINDOWS\bmqegxsA.exe
O4 - HKLM\..\Run: [sys012006216619-] C:\WINDOWS\sys012006216619-.exe
O4 - HKLM\..\Run: [cfceaomA] C:\WINDOWS\cfceaomA.exe
O4 - HKLM\..\Run: [tuva4707] RUNDLL32.EXE w04d457e.dll,n 004a47030000000304d457e
O4 - HKLM\..\Run: [loaddr] C:\topaff.exe
O4 - HKLM\..\Run: [pop06apelt] C:\WINDOWS\thiselt.exe
O4 - HKLM\..\Run: [sys0306216619-20] C:\WINDOWS\sys0306216619-20.exe
O4 - HKLM\..\Run: [{B9-90-05-55-ZN}] c:\windows\system32\okdsregq.exe ELT001
O4 - HKLM\..\Run: [xload] "C:\WINDOWS\xload.exe"
O4 - HKLM\..\Run: [win32109-200621661] C:\WINDOWS\win32109-200621661.exe
O4 - HKLM\..\Run: [ms0616619-20062] C:\WINDOWS\ms0616619-20062.exe
O4 - HKLM\..\Run: [sys02006216619-2] C:\WINDOWS\sys02006216619-2.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O4 - HKLM\..\Run: [ms046216619-200] C:\WINDOWS\ms046216619-200.exe
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Set Windows to show hidden extensions, files and folders.
Click for instructions: http://www.xtra.co.nz/help/0,,4155-1916458,00.html

Manually delete these files and folders
C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\ms0306216619-20.exe
C:\WINDOWS\win320919-20062166.exe
C:\WINDOWS\ms076619-2006212006.exe
C:\WINDOWS\sys02006216619-22006.exe
C:\WINDOWS\uninst104.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe

C:\Program Files\adobe < only delete the one with javaw.exe in it!!!
C:\Program Files\PSCloner
C:\Program Files\PSLister
C:\Program Files\Common Files\fumm
C:\Program Files\popupwithcast
C:\WINDOWS\Qg
Your antivirus might delete them when you get close to them; that's fine.
===========
Submit these here http://www.virustotal.com/flash/index_en.html
C:\WINDOWS\system32\atl71.dll
C:\WINDOWS\system32\winpfg32.sys
C:\WINDOWS\system32\wintsvtr.exe
If found to be bad, delete them. Which did you delete?

Post a fresh hijackthis log please, be sure to mention any current problems.

Check for and fix any problems found with SpyBot, then do so a second time and get a results report. Here's how to post a SpyBot results report:
Run SpyBot and check for problems. When it's finished, right click and choose copy results
(not full report) to clipboard and paste that back here please.

Envyd
2006-09-27, 00:57
Failed to delete:

C:\WINDOWS\ms0306216619-20.exe

Files not found:

C:\WINDOWS\uninst104.exe
C:\WINDOWS\cfg32.exe
C:\WINDOWS\cfg32a.exe
C:\Program Files\PSLister

VirusTotal Results - No viruses found.

HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 6:33:52 PM, on 9/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ms0306216619-20.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Duce6.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ms0306216619-20] C:\WINDOWS\ms0306216619-20.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Question: Duce6 still exists under C:\WINDOWS. If I recall, Killbox should have removed it. Should I manually delete it from WINDOWS or should I wait for further instructions?
_____________________________________________


Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\cmdService

Command Service: Settings (Registry key, fixing failed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\cmdService

Command Service: Settings (Registry key, fixed)
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\cmdService


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---


LonnyRJones
2006-09-27, 01:42
Start HijackThis and place a check next to these items if they are there.
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ms0306216619-20] C:\WINDOWS\ms0306216619-20.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe

====================================
Hit fix checked and close Hijackthis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Manually delete these files
C:\WINDOWS\ms0306216619-20.exe
C:\WINDOWS\Duce6.exe


Install, update and do a full system scan with at least a free antivirus program.
Several are mentioned here, but don't install more than one:
http://forums.spybot.info/showthread.php?t=279

Afterwards, post another new HijackThis log please. We can deal with Command Service later; it's only a leftover.

Envyd
2006-09-27, 04:01
Logfile of HijackThis v1.99.1
Scan saved at 9:59:53 PM, on 9/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
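
The before/after comparison that the two HijackThis logs in this thread invite, as an added example (not part of the thread and not a HijackThis feature). The function names are hypothetical, and the sample data is an excerpt of the O4/O23 entries from the logs above plus the three items the helper asked to fix.

```python
import re

# Entries excerpted from the two HijackThis logs posted in this thread.
BEFORE = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ms0306216619-20] C:\WINDOWS\ms0306216619-20.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''
AFTER = r'''
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
'''
# The three items the helper asked to have fixed.
FIXED = r'''F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [ms0306216619-20] C:\WINDOWS\ms0306216619-20.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\Duce6.exe'''.splitlines()
ENTRY = re.compile(r'^([RFNO]\d{1,2}) - (.+)$')  # section code, then detail

def parse_entries(log_text):
    """Map a case-folded (code, detail) key to its original line; skip non-entry lines."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Windows paths and registry names are case-insensitive: compare case-folded.
            entries[(m.group(1), m.group(2).casefold())] = line.strip()
    return entries

def diff_logs(before, after):
    """Return (removed, added) entry lines between an earlier and a later log."""
    b, a = parse_entries(before), parse_entries(after)
    removed = sorted(b[k] for k in b.keys() - a.keys())
    added = sorted(a[k] for k in a.keys() - b.keys())
    return removed, added

def still_present(log_text, fixed_items):
    """Items marked for fixing that still appear in a later log."""
    current = parse_entries(log_text)
    return [i for i in fixed_items if parse_entries(i).keys() & current.keys()]

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    print("removed:", *removed, "added:", *added, sep="\n  ")
    print("still present:", still_present(AFTER, FIXED))
```

An empty "still present" list means none of the fixed entries came back after the restart; anything under "added" should be software the user knowingly installed in between.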

LonnyRJones
2006-09-27, 06:54
Looks good Envyd
Usually when Command Service shows repeatedly it is because of the method Ad-Aware
uses to remove it. It leaves a harmless registry key with modified permissions.
Please download and unzip Ren-cmdservice to your desktop.
http://downloads.subratam.org/Lon/ren-cmdservice.zip
Open the ren-cmdservice folder by double-clicking it and then double-click the
ren-cmdservice.bat file to run the program.
A text file will open when it is finished. Post it please.
Then restart the PC, run SpyBot, and check for and fix any problems found.
When you next check for problems it won't, or shouldn't, be there.
Alternate download:
http://www.bleepingcomputer.com/files/lonny/ren-cmdservice.zip


Any other problems?
If not, now is the time to visit Windows Update. You'll need to reboot when prompted and go back several times until no updates are offered.

Envyd
2006-09-27, 17:27
Running from C:\Documents and Settings\USER.B-OH0ZEU4AU14UY\Desktop\ren-cmdservice
No Image Path Listed in Registry

-----------------
Deleting cmdservice key
cmdservice key deleted
..
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
Finised, Post this text then
Please Restart your PC
ren-cmdservice.bat edited 6-25-2006
-----------------

_________

Sadly, my copy of Windows is not genuine. :sad: I'm gonna have to purchase a genuine product key as soon as possible.

Pop-up ads no longer appear and Command Service is gone. Thank you for all your help. God bless you!

LonnyRJones
2006-09-27, 21:41
Please do get a legitimate Windows ASAP, otherwise you're sure to get infected again.

Since the problems are solved I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.
If you should need to post another log for the same PC let one of us know via a PM (personal message).