smitfraud.C and CMD service Malware removal help



agines311
2006-10-04, 16:52
Here are my logs. The online scan first, followed by my HJT. Thanks for all your help in advance!!!!


Incident Status Location

Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{843EC7BC-05FD-1033-1003-011008010001}\Services.dll
Spyware:Spyware/Virtumonde Not disinfected C:\Program Files\Common Files\{843EC7BC-05FD-1033-1003-011008010001}\Update.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QWRhbSBHaW5lcw\asappsrv.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QWRhbSBHaW5lcw\command.exe
Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/securityerror Not disinfected c:\windows\system32\ot.ico
Adware:adware/systemdoctor Not disinfected c:\windows\system32\issearch.exe

agines311
2006-10-04, 16:54

agines311
2006-10-04, 17:34

agines311
2006-10-04, 17:36

agines311
2006-10-04, 17:37
Potentially unwanted tool:Application/SystemDoctor2006 Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\EPQX6B4L\SystemDoctor2006FreeInstall[1].exe
Adware:Adware/ISearch Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\EPQX6B4L\104[1].net[MTE3MTk6ODoxNg.exe]
Adware:Adware/PCodec Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\EPQX6B4L\104[1].net[²ÜÇ\nsRandom.dll]
Spyware:Spyware/Virtumonde Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\45IF2V6X\anti4[1].exe
Adware:Adware/SuperSpider Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\0X2ZSP2Z\Microsoft_Office_2003_Generic_Crack[1].rar[install.exe]
Potentially unwanted tool:Application/Winantivirus2006 Not disinfected C:\Documents and Settings\Adam Gines\Local Settings\Temporary Internet Files\Content.IE5\0X2ZSP2Z\WinAntiVirusPro2006FreeInstall[1].exe
Spyware:Cookie/Findwhat Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@findwhat[1].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@www.drivecleaner[1].txt
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@clickbank[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@statcounter[3].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@stats.drivecleaner[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@stats1.reliablestats[2].txt
Spyware:Cookie/DriveCleaner Not disinfected C:\Documents and Settings\Adam Gines\Cookies\adam gines@drivecleaner[1].txt
Adware:Adware/SystemDoctor Not disinfected C:\WINDOWS\system32\components\flx7.dll
Adware:Adware/SpywareQuake Not disinfected C:\WINDOWS\system32\urroxtl.dll_tobedeleted
Adware:Adware/CommAd Not disinfected C:\WINDOWS\QWRhbSBHaW5lcw\kql1vm1Juqc5wT.vbs
Virus:Trj/LowZones.U Not disinfected D:\dload\WinZip-9.0.exe]

agines311
2006-10-04, 17:38
Logfile of HijackThis v1.99.1
Scan saved at 12:29:36 AM, on 10/4/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\{843EC7BC-05FD-1033-1003-011008010001}\Update.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [uwenbfl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uwenbfl.dll,pbrkrhb
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file)
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe

Thanks for Your Help!

LonnyRJones
2006-10-09, 09:07
Hi agines311, welcome.

Follow the instructions here:
http://forums.spybot.info/showthread.php?t=4015
Afterwards, post the logs mentioned.

agines311
2006-10-11, 07:02
Thanks for your response. I followed the instructions, and here are the logs in order: Rapport.txt, AVG log and the new HJT log.

SmitFraudFix v2.106

Scan done at 9:58:42.48, Mon 10/09/2006
Run from C:\Documents and Settings\Adam Gines\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"incestuously"="{03413bf7-e34c-445b-bfc0-a2b127255871}"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\components\flx?.dll Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

agines311
2006-10-11, 07:04
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:07:16 PM 10/10/2006

+ Scan result:



C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned.
C:\WINDOWS\QWRhbSBHaW5lcw\asappsrv.dll -> Adware.CommAd : Cleaned.
C:\WINDOWS\QWRhbSBHaW5lcw\command.exe -> Adware.CommAd : Cleaned.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000661.dll -> Adware.Softomate : Cleaned.
C:\Documents and Settings\Adam Gines\Desktop\MICROSOFT OFFICE PR0 2003.rar/crack.exe -> Downloader.Adload.fu : Cleaned.
C:\Documents and Settings\Adam Gines\Desktop\MICROSOFT OFFICE PR0 2003.rar/keygen.exe -> Downloader.Harnig.cu : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000669.exe -> Downloader.Small.buy : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP4\A0000653.exe -> Downloader.Zlob.ans : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP4\A0000654.dll -> Downloader.Zlob.ant : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP4\A0000637.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP4\A0000644.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000664.exe -> Downloader.Zlob.anw : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000814.exe -> Downloader.Zlob.anw : Cleaned.
C:\Documents and Settings\Adam Gines\Desktop\MICROSOFT OFFICE PR0 2003.rar/patch.exe -> Dropper.Small.asx : Cleaned.
D:\dload\Cracks 2004\WinZip-9.0-keygen.rar/WinZip-9.0-keygen.exe -> Hijacker.StartPage.tr : Cleaned.
C:\WINDOWS\system32\husxtxgy.dll -> Logger.VBStat.e : Cleaned.
C:\WINDOWS\system32\pquehvvy.dll -> Logger.VBStat.e : Cleaned.
C:\Documents and Settings\Adam\Local Settings\Temporary Internet Files\Content.IE5\85E3CH2Z\s2[1].htm -> Not-A-Virus.Exploit.JS.CVE20061359.b : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000666.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000818.dll -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\WINDOWS\system32\urroxtl.dll_tobedeleted -> Not-A-Virus.Hoax.Win32.Renos.ds : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP4\A0000645.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000665.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000816.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000820.dll -> Not-A-Virus.Hoax.Win32.Renos.fh : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP6\A0000679.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned.

agines311
2006-10-11, 07:05

agines311
2006-10-11, 07:06
C:\WINDOWS\system32\ehwhuajg.dll -> Trojan.BHO.g : Cleaned.
C:\Program Files\Common Files\{843EC7BC-05FD-1033-1003-011008010001}\Update.exe -> Trojan.Starter.65 : Cleaned.


::Report end

agines311
2006-10-11, 07:07
Logfile of HijackThis v1.99.1
Scan saved at 2:33:28 PM, on 10/10/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [uwenbfl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uwenbfl.dll,pbrkrhb
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe


Thanks again for your time and effort in helping me... I really appreciate it

LonnyRJones
2006-10-11, 07:46
Start HijackThis and place a check next to these items, if there.
O4 - HKLM\..\Run: [uwenbfl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uwenbfl.dll,pbrkrhb
====================================
Hit "Fix checked" and close HijackThis.
Restart the PC.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Set Windows to show hidden extensions, files and folders.
Click for instructions (http://www.xtra.co.nz/help/0,,4155-1916458,00.html).
Manually delete these files and folders:
C:\WINDOWS\System32\uwenbfl.dll
C:\Program Files\Common Files\{843EC7BC-05FD-1033-1003-011008010001}
C:\WINDOWS\QWRhbSBHaW5lcw
C:\Documents and Settings\Adam Gines\Desktop\MICROSOFT OFFICE PR0 2003.rar
D:\dload\Cracks 2004\WinZip-9.0-keygen.rar
D:\dload\ delete any cracks there and elsewhere; none are safe, neither are keygens.
Did you install MICROSOFT OFFICE PR0 2003.rar from a crack?
If so, it probably has as yet undetectable built-in viruses, bots, trojans.

Let us know how that PC is.

agines311
2006-10-12, 18:17
Thanks again for the Fast Reply.

I was not able to find this file C:\WINDOWS\System32\uwenbfl.dll, then I did a search for it and found it...but it would not let me delete it. Do I need to be in safe mode to delete that?

This file was not on my PC: C:\Documents and Settings\Adam Gines\Desktop\MICROSOFT OFFICE PR0 2003.rar, that I could find...I wonder what happened...and no, I don't have Office 03 from a crack....do you think it would help if I uninstalled Office???

Thanks again...

LonnyRJones
2006-10-13, 08:00
If you restarted the pc after the Hijackthis fix you should be able to delete
C:\WINDOWS\System32\uwenbfl.dll
Try again please

If you installed Office from that file that was on your desktop,
MICROSOFT OFFICE PR0 2003.rar, yes, I suggest you uninstall Office and go get a legitimate copy.

Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.

Are there any current problems or questions?
Why haven't you ever updated Windows?

agines311
2006-10-13, 17:38
I restarted the PC and I am still unable to delete "C:\WINDOWS\System32\uwenbfl.dll", it always tells me access denied...and I still get forced to those web sites that want me to buy their software to remove malware....this PC that has the problem is my older PC...do you think I could reformat the hard drive to fix this issue??? Also, I never update Windows because I just had to reinstall it and then something messed up and I got this virus.....or instead of reformatting the hard drive should I go through the steps again...maybe I missed something......

Thanks again!

LonnyRJones
2006-10-14, 01:38
Ok

You can go into safe mode and delete it, or use the HijackThis option to delete it on reboot.
Run HijackThis, click "config", then "misc tools" > "delete file on reboot"
(exact spelling counts!!! so don't browse to the files)
Copy/Paste the bolded line below into the File name box then click Open,
C:\WINDOWS\System32\uwenbfl.dll
Answer yes to the prompt to reboot the PC


You have Norton and AVG antivirus, not good; one must be uninstalled. Personally I would keep AVG.

Once that's done go visit windowsupdate
I would appreciate seeing a hijackthis log afterwards.

agines311
2006-10-14, 07:18
I got the uwenbfl.dll to delete, so thanks for your help on that. I updated my Windows... here is my current HJT log. When I go to the internet it still takes me to that weird Iupdate webpage. I also removed Norton. Thanks again.


Logfile of HijackThis v1.99.1
Scan saved at 11:14:47 PM, on 10/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ismini.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\devldr32.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll (file missing)
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160802216912
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

LonnyRJones
2006-10-14, 07:25
Bunch more files showing

Follow the instructions here
http://forums.spybot.info/showthread.php?t=4015
when finished post the logs mentioned at the bottom
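
The comparison behind "Bunch more files showing" can be done mechanically. The following Python is an added example, not something posted by the thread's participants: it parses two HijackThis logs, reports processes and Run entries that appear only in the later one, and lists every autorun that loads a DLL through rundll32.exe. The log text is excerpted and trimmed from the 10/10 and 10/13 logs above; the function names and the `name_is_dll` check (Run value named after the DLL it loads, as both entries in this thread are) are assumptions of this example, not a general rule.

```python
import re
from pathlib import PureWindowsPath

# Trimmed excerpts of the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [uwenbfl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\uwenbfl.dll,pbrkrhb
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ishost.exe
C:\WINDOWS\System32\issearch.exe
C:\WINDOWS\System32\isnotify.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\ismini.exe
C:\HJT\HijackThis.exe

O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

# "O4 - HKLM\..\Run: [value name] command line"
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>.+?)\] (?P<cmd>.+)$")
# rundll32.exe <dll path>,<exported function>
RUNDLL = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?P<dll>[^",]+\.dll)"?,\s*(?P<export>\w+)', re.I)


def parse_hjt(text):
    """Return the running-process paths (lowercased) and the O4 Run entries."""
    processes, run_entries, in_procs = set(), [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # a blank line ends the process list
        elif in_procs:
            processes.add(line.lower())
        else:
            m = O4_RUN.match(line)
            if m:
                run_entries.append((m["hive"], m["name"], m["cmd"]))
    return {"processes": processes, "run": run_entries}


def rundll32_autoruns(parsed):
    """List Run entries that start a DLL through rundll32.exe."""
    hits = []
    for hive, name, cmd in parsed["run"]:
        m = RUNDLL.search(cmd)
        if m:
            dll = PureWindowsPath(m["dll"])
            hits.append({
                "hive": hive, "name": name, "dll": str(dll),
                "export": m["export"],
                # Assumption drawn from this thread: value named after its DLL.
                "name_is_dll": name.lower() == dll.name.lower(),
            })
    return hits


def diff_logs(before, after):
    """Compare two logs: what is new, what is gone, what runs via rundll32."""
    b, a = parse_hjt(before), parse_hjt(after)
    b_keys = {(h, n.lower()) for h, n, _ in b["run"]}
    a_keys = {(h, n.lower()) for h, n, _ in a["run"]}
    return {
        "new_processes": sorted(a["processes"] - b["processes"]),
        "new_autoruns": [e for e in a["run"] if (e[0], e[1].lower()) not in b_keys],
        "gone_autoruns": [e for e in b["run"] if (e[0], e[1].lower()) not in a_keys],
        "rundll32_autoruns": rundll32_autoruns(a),
    }


if __name__ == "__main__":
    for key, value in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key)
        for item in value:
            print("   ", item)
```

Explorer.EXE shows up as "new" only because it was absent from the first log's process list; a diff narrows what to look at, it does not classify anything as malicious.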

agines311
2006-10-17, 23:45
here are the new logs...thanks once again for all your time and effort

SmitFraudFix v2.110

Scan done at 10:52:29.18, Tue 10/17/2006
Run from C:\Documents and Settings\Adam Gines\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ishost.exe Deleted
C:\WINDOWS\system32\ismini.exe Deleted
C:\WINDOWS\system32\isnotify.exe Deleted
C:\WINDOWS\system32\issearch.exe Deleted
C:\WINDOWS\system32\ixt?.dll Deleted
C:\WINDOWS\system32\ot.ico Deleted
C:\WINDOWS\system32\ts.ico Deleted
C:\DOCUME~1\ALLUSE~1.WIN\DESKTOP\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\DESKTOP\Security Troubleshooting.url Deleted
C:\DOCUME~1\ADAMGI~1\FAVORI~1\Antivirus Test Online.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Online Security Guide.url Deleted
C:\DOCUME~1\ALLUSE~1.WIN\STARTM~1\Security Troubleshooting.url Deleted
C:\Program Files\Safety Bar\ Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

agines311
2006-10-17, 23:47
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:40:38 PM 10/17/2006

+ Scan result:



C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000839.dll -> Adware.Aws : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000840.dll -> Adware.CommAd : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000841.exe -> Adware.CommAd : Cleaned.
HKLM\SOFTWARE\MalwareWipe.com -> Adware.Malwarewipe : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP5\A0000660.dll -> Adware.Searchcolours : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000515.dll -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000516.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP3\A0000520.exe -> Adware.Systemdoctor : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000815.exe -> Downloader.Zlob.apm : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000836.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000837.dll -> Logger.VBStat.e : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000838.dll -> Trojan.BHO.g : Cleaned.
C:\System Volume Information\_restore{8B69B694-F3BB-475B-AD87-D9B2B71CD4EC}\RP7\A0000835.exe -> Trojan.Starter.65 : Cleaned.


::Report end

agines311
2006-10-17, 23:47
Logfile of HijackThis v1.99.1
Scan saved at 2:53:58 PM, on 10/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1160802216912
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe


Thanks again!
-Adam

LonnyRJones
2006-10-18, 05:07
One remaining item
Start HijackThis and place a check next to these items if they are there.
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz

====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Let us know of any problems
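
As an added example (not part of the original posts and not HijackThis's own code), the sketch below parses the O4 autorun lines from the log above and lists the entries that start a DLL through rundll32.exe, which is the form of the entry singled out in this reply. The function names are hypothetical, and a hit is a prompt for manual review, not a verdict.

```python
import ntpath
import re

# O4 (autorun) lines copied from the HijackThis log posted in this thread.
HJT_LOG = r'''
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [qhssili.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\qhssili.dll,eaoplz
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
'''

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(r'^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]+)\] (.+)$')
# The executable is either quoted or runs up to the first ".exe".
CMD_RE = re.compile(r'^(?:"([^"]+)"|(.+?\.exe))\s*(.*)$', re.IGNORECASE)


def parse_o4(line):
    """Split one O4 line into hive, key, value name, executable and arguments."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, key, name, command = m.groups()
    c = CMD_RE.match(command)
    if not c:
        return None  # command form this sketch does not handle
    return {"hive": hive, "key": key, "name": name,
            "exe": c.group(1) or c.group(2), "args": c.group(3)}


def rundll32_autoruns(log):
    """Return (hive, value name, dll path, export) for autoruns run via rundll32."""
    hits = []
    for line in log.splitlines():
        e = parse_o4(line)
        if e is None or ntpath.basename(e["exe"]).lower() != "rundll32.exe":
            continue
        # rundll32 takes "<dll>,<export> [arguments]"
        dll, _, rest = e["args"].partition(",")
        export = rest.split()[0] if rest.strip() else ""
        hits.append((e["hive"], e["name"], dll.strip().strip('"'), export))
    return hits


if __name__ == "__main__":
    for hit in rundll32_autoruns(HJT_LOG):
        print("review: %s Run [%s] -> %s (export %s)" % hit)
```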

agines311
2006-10-18, 18:22
you are amazing......what a mess......Everything seems to be working just fine now...Thank you so much!!!!

-Adam

LonnyRJones
2006-10-21, 13:44
Still OK?

If so, purge System Restore:
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Then reboot. < Don't skip that step.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.

Think Prevention: Put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How To Download and Extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month

To help avoid reinfection see "So how did I get infected in the first place?"
http://forums.spybot.info/showthread.php?t=279

agines311
2006-10-24, 06:18
Done!

From what I can tell, everything seems to be working just fine....Thanks again!!!!!!

LonnyRJones
2006-10-29, 01:03
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log for the same PC let one of us know via a PM (personal message).