Hey!
Thats cool, thanx for the help! Heres the stuff you req;
Ewido scan;
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------
+ Created at: 5:21:46 PM 9/11/2006
+ Scan result:
C:\WINDOWS\ZG9ubmEgYmVyZ2hvZmY\asappsrv.dll -> Adware.CommAd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KTQBW1U3\Installer[1].exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\Installer3.exe -> Adware.Look2Me : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1\netapi[1].exe -> Backdoor.Rbot.bgu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\4R61QTW1\netapi[2].exe -> Backdoor.Rbot.bgu : Cleaned with backup (quarantined).
C:\WINDOWS\system32\javanet.exe -> Backdoor.Rbot.bgu : Cleaned with backup (quarantined).
C:\MS32.exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\28304_netapi.exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\74150_netapi.exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\MS32.exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\O3092XI5\43072_netapi[1].exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\W1QVMVQX\80768_netapi[1].exe -> Backdoor.Rbot.bie : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_05142.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\WINDOWS\system32\setup_07188.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\WINDOWS\wfdmgr.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\WINDOWS\wfvmgr.exe -> Backdoor.SdBot.xd : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45678XYN\drsmartload45a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8LMB0P23\drsmartload46a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KTQBW1U3\drsmartload849a[1].exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload45a45p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload46a46p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\drsmartload849a849p.exe -> Downloader.Adload.ds : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7UDRS5HK\abcd[1].txt/drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7UDRS5HK\abcd[2].txt/drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7UDRS5HK\abcd[3].txt/drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\WINDOWS\system32\config\drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\abcd.exe/drxvp.exe -> Downloader.Adload.ep : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\45678XYN\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KTQBW1U3\loader[1].exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\drsmartload.exe -> Downloader.VB.agk : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\2I4WUER4\WinAntiVirusPro2006FreeInstall[1].cab/UWA6P_0001_N91M1807NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Cleaned with backup (quarantined).
C:\Program Files\Network Monitor\netmon.exe -> Not-A-Virus.Monitor.Win32.NetMon.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][2].txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Documents and Settings\LocalService\Cookies\system@findwhat[1].txt -> TrackingCookie.Findwhat : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][2].txt -> TrackingCookie.Reliablestats : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Cookies\
[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
::Report end
Brute Force;
BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 5:40:05 PM, on 9/11/2006
Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\DOCUME~1\Owner\LOCALS~1\Temp\~DFF832.tmp (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.
Active Scan:
Incident Status Location
Adware:Adware/CommAd Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\7UDRS5HK\installer[1].exe
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KTQBW1U3\deskbar[1].exe
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[1].txt
Potentially unwanted tool:Application/HideWindow.A Not disinfected C:\hp\bin\FondleWindow.exe
Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
Potentially unwanted tool:Application/KillApp.A Not disinfected C:\hp\bin\Terminator.exe
Spyware:Spyware/Virtumonde Not disinfected C:\RECYCLER\S-1-5-21-3265560598-3671295393-1203417507-1003\Dc2\backup-20060910-162423-944.dll
Adware:Adware/Ucmore Not disinfected C:\UCmore - The Search Accelerator\How To Uninstall.lnk
Adware:Adware/Ucmore Not disinfected C:\UCmore - The Search Accelerator\UCmore Tour.lnk
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\awtqnkh.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\byxxurs.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\efcdaaa.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\fccdeec.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\nnnnool.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\opnmmki.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnlmji.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnmjgd.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\pmnnkhi.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qomklki.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\tuvwvsr.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vtustur.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\wvurrrp.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\xxyaxya.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\yayvvwx.dll
Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\yaywtrs.dll
Adware:Adware/CommAd Not disinfected C:\WINDOWS\ZG9ubmEgYmVyZ2hvZmY\t36RvAH0sApVtZ1StAs.vbs
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 1:54:00 PM, on 9/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\bootini.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\AOL\1158111629\ee\aolsoftware.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\hjt.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.geekstogo.com/forum/F2 - REG:system.ini: Shell=Explorer.exe bootini.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,bootini.exe
O2 - BHO: (no name) - {44D02663-7E13-47AD-945F-AB3086E1D918} - C:\WINDOWS\System32\sstqr.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Microsoft Windows] bootini.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Windows] bootini.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) -
http://www.fileplane...DC_2.2.2.89.cabO16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoft...free/asinst.cabO20 - Winlogon Notify: sstqr - C:\WINDOWS\System32\sstqr.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: wkssvc (Windows Kernel Serivce) - Unknown owner - C:\WINDOWS\AIMClient.exe (file missing)
O23 - Service: Microsoft Windows Spool Service (Windows Spool Service) - Unknown owner - C:\WINDOWS\wfvmgr.exe (file missing)