I need help with errors...



#1
lew10281

  • Member
  • 48 posts
Sorry to be back again but it was not my fault I got re-infected. I use Firefox faithfully, but everybody else here uses IE. So I think my cousin got the computer infected again. I ran Ad-Aware, Spybot, and everything is. I used the new AVG Anti-Spyware and I let that run for 5 hours and it's still infected.

Last time I worked with JFCap, but everybody on this site is great and a big help. Sooooooo here is my HijackThis log.




Logfile of HijackThis v1.99.1
Scan saved at 7:45:00 PM, on 10/25/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Documents and Settings\Owner\kqxnfcyq.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.quicksearch.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [ErrorGuard] C:\Program Files\ErrorGuard\ErrorGuard.Exe
O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\System32\sysfrcx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02b.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Management Construct (winmgmc) - Unknown owner - C:\WINDOWS\winmgc.exe (file missing)
  • 0
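
A triage sketch for the log format posted above, added here as an illustration; it is not part of the thread or of HijackThis. The flag names and the two location heuristics (drive root, top level of a user profile) are assumptions of this example, and a flag is a prompt for a closer look, not a verdict.

```python
import ntpath
import re

# Constructed sample: a few lines copied from the log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Owner\kqxnfcyq.exe
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Management Construct (winmgmc) - Unknown owner - C:\WINDOWS\winmgc.exe (file missing)
"""

# "O4 - ...", "R1 - ...", "O23 - ...": section code, then the entry text.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First drive-letter path ending in .exe or .dll inside an entry.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll)\b', re.IGNORECASE)
# Windows XP profile directory itself, e.g. C:\Documents and Settings\Owner
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\documents and settings\\[^\\]+$", re.IGNORECASE
)


def extract_path(detail):
    """Return the first .exe/.dll path in an entry, or None if there is none."""
    match = PATH_RE.search(detail)
    return match.group(0) if match else None


def location_flag(path):
    """Heuristic (assumption): binaries rarely belong directly in C:\\ or in
    the top level of a user profile, so mark those for manual review."""
    parent = ntpath.dirname(path)
    if ntpath.splitdrive(parent)[1] in ("", "\\"):
        return "drive-root"
    if PROFILE_ROOT_RE.match(parent):
        return "profile-root"
    return None


def parse_log(text):
    """Split a HijackThis log into running-process paths and coded entries."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            code, detail = match.groups()
            entries.append(
                {"code": code, "detail": detail, "path": extract_path(detail)}
            )
        elif in_processes and line:
            processes.append(line)
        elif not line:
            in_processes = False  # a blank line ends the process list
    return processes, entries


def triage(text):
    """Return (kind, text, flags) for every item that deserves a second look."""
    processes, entries = parse_log(text)
    findings = []
    for proc in processes:
        flag = location_flag(proc)
        if flag:
            findings.append(("process", proc, [flag]))
    for entry in entries:
        flags = []
        # Both markers below are written by HijackThis itself.
        if entry["detail"].endswith("(file missing)"):
            flags.append("file-missing")
        if entry["code"] == "O23" and "Unknown owner" in entry["detail"]:
            flags.append("unknown-owner")
        if entry["path"]:
            loc = location_flag(entry["path"])
            if loc:
                flags.append(loc)
        if flags:
            findings.append((entry["code"], entry["detail"], flags))
    return findings


if __name__ == "__main__":
    for kind, text, flags in triage(SAMPLE_LOG):
        print(f"{kind:8} {','.join(flags):28} {text}")
```
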



#2
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download SmitfraudFix.zip and save it to your desktop.
  • Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop.
  • Open the SmitfraudFix folder and double-click the smitfraudfix.cmd file.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear, which lists the infected files that it finds, if any.
  • Copy and paste the contents of that report into your next reply to this thread.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in Notepad. Copy and paste that list here.
  • 0

#3
lew10281

  • Topic Starter
  • Member
  • 48 posts
I didn't understand the first part. I had got that error and it wouldn't let me be able to copy and paste.

But here's the HijackThis log

Ad-aware 6 Personal
Ad-Aware SE Personal
Adobe Acrobat 6.0 Standard
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Download Manager 2.0 (Remove Only)
Adobe Reader 6.0.1
Agere Systems PCI Soft Modem
AOL Instant Messenger
Ares Lite Edition 1.8.1
AVG Anti-Spyware 7.5
BitTornado 0.3.7
Blackhawk Striker from Hewlett-Packard Desktops (remove only)
Blasterball 2 from Hewlett-Packard Desktops (remove only)
Bounce Symphony from Hewlett-Packard Desktops (remove only)
Charter Pipeline® Self-Installation
Crystal Maze from Hewlett-Packard Desktops (remove only)
Danny Phantom Ghost Sweep (remove only)
dBpowerAMP Music Converter
DivX
DivX Converter
DivX Player
DivX Web Player
Doras 3D Soccer (remove only)
Dora's Carnival Adventure (remove only)
DVD X Rescue
DVDXCopy 1.2.1 b628 (remove only)
DVDXCopy Platinum 3.1.1
DVDXCopy Platinum 4.0.3
Easy Internet Sign-up
eBook Pro Viewer 5.54
Error Guard 2.5.0
ewido security suite
Fairly Odd Parents Information Stupor Highway (remove only)
Feeding Frenzy (remove only)
Five Card Frenzy from Hewlett-Packard Desktops (remove only)
Google Desktop
Google Toolbar for Firefox
Hey Arnold Runaway Bus 3D Game (remove only)
High Definition Audio Driver Package - KB835221
HijackThis 1.99.1
HP Deskjet Preloaded Printer Drivers
HP Image Zone 3.5
HP Image Zone Plus 3.5
HP Instant Support
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 3.5
HP Software Update
HPIZ350
Huffyuv AVI lossless video codec (Remove Only)
IntelliMover Data Transfer Demo
InterActual Player
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
Jewel Quest (remove only)
Jimmy Neutron Rescue Jet Fusion (remove only)
Jimmy Neutron Space Blast (remove only)
Kaspersky Anti-Virus Web Scanner
Kim Possible
LimeWire 4.9.27
Macromedia Flash Player 8
Macromedia Shockwave Player
Magic Ball 2 (remove only)
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft AntiSpyware
Microsoft Money 2004
Microsoft Money 2004 System Pack
Microsoft Office Professional Edition 2003
Microsoft Plus! Digital Media Edition
Microsoft Works 7.0
Mirror Magic Deluxe (remove only)
Mozilla Firefox (1.5.0.7)
MSN
My Global Search Bar
Nicktoons Challenge! (remove only)
Nokia Audio Manager 3.0
Nokia PC Connectivity SDK 3.0
Nothin But Net (remove only)
NVIDIA Display Driver
NVIDIA Ethernet Driver
Orbital from Hewlett-Packard Desktops (remove only)
Otto from Hewlett-Packard Desktops (remove only)
Outlook Express Update Q330994
Overball from Hewlett-Packard Desktops (remove only)
PC-Doctor for Windows
Photosmart 140,240,7200,7600,7700,7900 Series
Polar Bowler from Hewlett-Packard Desktops (remove only)
PS2
Quicken 2004
QuickTime
RealArcade
RealPlayer
RecordNow!
Rocket Power Big Air Mountain (remove only)
Sandlot Games Client Services
Slyder from Hewlett-Packard Desktops (remove only)
Snowy - Treasure Hunter (remove only)
Sonic Update Manager
Sophos Anti-Virus
Sophos AutoUpdate
SpongeBob SquarePants Diner Dash (remove only)
SpongeBob SquarePants Krabby Quest (remove only)
SpongeBob SquarePants Obstacle Odyssey (remove only)
Spybot - Search & Destroy 1.3
The Fairly OddParents - Timmy`s Roach Rampage (remove only)
The Wild Thornberrys Movie - Chopper Chase (remove only)
Toolkit View(HP)
Tradewinds from Hewlett-Packard Desktops (remove only)
Updates from HP
Vegas21Club.NET Casino
VideoLAN VLC media player 0.8.1
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Wheel of Fortune (remove only)
Wild Thornberrys Australian Wildlife Rescue (remove only)
WildTangent Web Driver
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB810217
Windows XP Hotfix - KB821431
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB833407
Windows XP Hotfix - KB835732
Windows XP Hotfix (SP2) [See q329256 for more information]
Windows XP Hotfix (SP2) Q327979
Windows XP Hotfix (SP2) Q329112
Windows XP Hotfix (SP2) Q331958
Windows XP Hotfix (SP2) Q811789
Windows XP Hotfix (SP2) Q814995
Windows XP Hotfix (SP2) Q815485
Windows XP Hotfix (SP2) Q817357
Windows XP Service Pack 1a
Word Symphony from Hewlett-Packard Desktops (remove only)
Yahoo! Address AutoComplete
Yahoo! extras
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar
  • 0

#4
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
That's not the Hijack This log. That is the uninstall list. You also missed the Smitfraudfix log:

* Click here to download SmitfraudFix.zip and save it to your desktop.

  • Unzip (extract) the contents of SmitfraudFix.zip to a new SmitfraudFix folder on your desktop.
  • Open the SmitfraudFix folder and double-click the smitfraudfix.cmd file.
  • Select option #1 - Search by typing 1 and press "Enter"
  • A text file will appear, which lists the infected files that it finds, if any.
  • Copy and paste the contents of that report into your next reply to this thread.
Note: process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm

Since I have most of what I need now, I'll forego the preliminary Smitfraudfix log and get on to the fix part so as not to waste any more time. Please go ahead and do all of the following:


* Go to Add/Remove programs and uninstall these:

Error Guard 2.5.0
Java 2 Runtime Environment, SE v1.4.2_03
My Global Search Bar
Viewpoint Manager (Remove Only)
Viewpoint Media Player



* Now go here and install the latest version of Java.


* Update AVG-Antispyware:
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to Notepad and save them to your desktop. You will need them to refer to.


* Restart your computer into safe mode now. Perform the following steps in safe mode:

* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process. Be patient; it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.

* Run the SmitfraudFix:
  • Open the SmitfraudFix folder again and double-click the smitfraudfix.cmd file.
  • Select option #2 - Clean by typing 2 and press "Enter" to delete the infected files.
  • You will receive this prompt:
    • "Registry cleaning - Do you want to clean the registry ?"
  • Answer "Yes" by typing Y and press "Enter" and it will begin cleaning the infection.
  • Next the tool will check to see if wininet.dll is infected.
  • You may be prompted to replace the infected wininet.dll file if it is found.
  • Answer "Yes" by typing Y and press "Enter".
  • The tool may need to restart your computer to finish the cleaning process.
  • If it doesn't restart your computer automatically when it is finished, restart it back to Windows normally yourself.
  • A text file will appear onscreen, with results from the cleaning process.
  • Copy and paste the contents of that report into your next reply to this thread along with a new Hijack This log.
  • If the report doesn't open after you restart back to Windows normally, the report can be found at the root of the system drive, usually C:\rapport.txt.

  • 0

#5
lew10281

  • Topic Starter
  • Member
  • 48 posts
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:10:33 PM 10/28/2006

+ Scan result:



HKU\S-1-5-21-3563315549-3137313077-523879577-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Windows installer -> Adware.PestTrap : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298311.dll -> Adware.Relevance : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smuno\4D.tmp -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\smuno\4F.tmp -> Downloader.Agent.lg : Cleaned with backup (quarantined).
C:\WINDOWS\system32\qayya.dat -> Downloader.Qoologic.u : Cleaned with backup (quarantined).
C:\Program Files\Windows Media Player\wmplayer.exe.tmp -> Downloader.Small.bem : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\Local Settings\Temp\temp.fr7644\rainbow\vocabulary -> Downloader.TSUpdate.j : Cleaned with backup (quarantined).
C:\WINDOWS\system32\ld100.tmp -> Downloader.Zlob.sd : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\dihonljh.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\ghhtavgr.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\kqxnfcyq.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\wiyyhycr.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298312.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298313.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298314.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298315.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298316.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298317.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298318.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298319.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{DD9CB1FB-3F7A-40CF-B44C-DD1502404737}\RP559\A0298320.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
C:\winstall.exe -> Not-A-Virus.Hoax.Win32.Renos.eo : Cleaned with backup (quarantined).
:mozilla.263:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.264:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.266:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.267:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.268:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.269:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.270:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.271:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.272:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.273:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.372:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.639:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.680:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.709:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Aavalue : Cleaned.
:mozilla.368:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.370:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.651:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.489:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.100:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.531:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Adserver : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ga798v3v.lew10281\cookies.txt -> TrackingCookie.Advertising : Cleaned.


::Report end
______________________________________________________________________________________

SmitFraud Report:

SmitFraudFix v2.117

Scan done at 14:47:39.29, Mon 10/30/2006
Run from C:\Documents and Settings\Owner\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\winstall.exe Deleted
C:\Documents and Settings\Owner\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

_____________________________________________________________________________



Hijackthis:

Logfile of HijackThis v1.99.1
Scan saved at 3:05:40 PM, on 10/30/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hphmon05.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ps2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\gearsec.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
c:\ann.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {D714A94F-123A-45CC-8F03-040BCAF82AD6} - C:\WINDOWS\Downloaded Program Files\SbCIe02b.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\System32\hphmon05.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [UpdateManager] "c:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [ServiceLayer] C:\Program Files\Common Files\Nokia\Services\ServiceLayer.exe
O4 - HKLM\..\Run: [Nokia Tray Application] C:\Program Files\Common Files\Nokia\NCLTools\NclTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [sysfrcx] C:\WINDOWS\System32\sysfrcx.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [gwiz] C:\WINDOWS\System32\ntsystem.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [PestTrap] C:\Program Files\PestTrap\PestTrap.exe
O4 - Startup: HP Organize.lnk = ?
O4 - Startup: IMStart.lnk = C:\Program Files\InterMute\IMStart.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Add To HP Organize... - C:\PROGRA~1\HEWLET~1\HPORGA~1\bin\core.hp.main\SendTo.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.../kavwebscan.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {1D0D9077-3798-49BB-9058-393499174D5D} - file://c:\counter.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfar...tup1.0.0.15.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.h...staller_gmn.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguar...ion/Install.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {352797A0-EFD0-4FA6-B229-145120EA4B8A} (Walt Disney Internet Group Hardware Control) - https://disneyblast....wareControl.cab
O16 - DPF: {640B39C1-D713-464F-92C3-75BD972B95EE} - http://www.sidestep....42037/sb02b.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/.../GrooveAX27.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.m...ash/swflash.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai...5/installer.exe
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: sysfrcx - sysfrcx.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Gear Security Service (GEARSecurity) - GEAR Software - C:\WINDOWS\System32\gearsec.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos plc - c:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos plc - c:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: Windows Management Construct (winmgmc) - Unknown owner - C:\WINDOWS\winmgc.exe (file missing)

#6
Flrman1


    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop, then come back here and attach it to your next reply along with a new Hijack This log.


#7
Flrman1


    Malware Assassin

  • Retired Staff
  • 6,596 posts
Let me know how the PC is behaving when you come back here to post the BitDefender log and the new Hijack This log.

#8
lew10281


    Member

  • Topic Starter
  • Member
  • 48 posts
It's still bad. The errors keep popping up.

BitDefender Online Scanner

Scan report generated at: Tue, Oct 31, 2006 - 23:12:34

Scan path: C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;

Statistics
Time: 08:01:43
Files: 3263638
Folders: 9701
Boot Sectors: 3
Archives: 21790
Packed Files: 331436

Results
Identified Viruses: 42
Infected Files: 167
Suspect Files: 2
Warnings: 0
Disinfected: 0
Deleted Files: 169

Engines Info
Virus Definitions: 479657
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File
Status

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JKLMEXG\thin_bundlelite[1].exe
Infected with: Dropped:Trojan.Bettinet.B

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JKLMEXG\thin_bundlelite[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\0JKLMEXG\thin_bundlelite[1].exe
Deleted

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S7Y5S3A3\kwlist2[1].exe
Infected with: Trojan.Elitebar.M

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S7Y5S3A3\kwlist2[1].exe
Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S7Y5S3A3\kwlist2[1].exe
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Gummy.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Gummy.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Gummy.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Counter.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Counter.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Counter.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>VerifierBug.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>VerifierBug.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>VerifierBug.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip
Updated

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Beyond.class
Infected with: Java.Trojan.ClassLoader.K

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Beyond.class
Disinfection failed

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip=>Beyond.class
Deleted

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\arr3.jar-53b20017-675cc9e9.zip
Updated

C:\Documents and Settings\Owner\Desktop\keycodec.1388.exe=>(NSIS o)=>lzma_nsis0006
Infected with: Trojan.Downloader.Zlob.BDE

C:\Documents and Settings\Owner\Desktop\keycodec.1388.exe=>(NSIS o)=>lzma_nsis0006
Disinfection failed

C:\Documents and Settings\Owner\Desktop\keycodec.1388.exe=>(NSIS o)=>lzma_nsis0006
Deleted

C:\Documents and Settings\Owner\Desktop\keycodec.1388.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Owner\Desktop\ppmanager.1388.exe=>(NSIS o)=>lzma_nsis0006
Infected with: Trojan.Downloader.Zlob.BDE

C:\Documents and Settings\Owner\Desktop\ppmanager.1388.exe=>(NSIS o)=>lzma_nsis0006
Disinfection failed

C:\Documents and Settings\Owner\Desktop\ppmanager.1388.exe=>(NSIS o)=>lzma_nsis0006
Deleted

C:\Documents and Settings\Owner\Desktop\ppmanager.1388.exe=>(NSIS o)
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0BLVA6FL\thin_bundlelite[1].exe
Infected with: Dropped:Trojan.Bettinet.B

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0BLVA6FL\thin_bundlelite[1].exe
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0BLVA6FL\thin_bundlelite[1].exe
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[1].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.4C03DE17

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[1].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[1].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[1].CHM=>/stats12.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[2].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.4C03DE17

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[2].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[2].CHM=>/stats12.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[2].CHM=>/stats12.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS12[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[10].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[10].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[10].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[10].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[10].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[11].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[11].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[11].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[11].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[11].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[1].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[1].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[1].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[1].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[2].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[2].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[2].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[2].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[3].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[3].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[3].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[3].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[3].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[4].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[4].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[4].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[4].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[4].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[5].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[5].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[5].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[5].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[5].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[6].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[6].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[6].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[6].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[6].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[7].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[7].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[7].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[7].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[7].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[8].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[8].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[8].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[8].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[8].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[9].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.E3EB0855

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[9].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[9].CHM=>/stats13.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[9].CHM=>/stats13.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS13[9].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[1].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[1].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[1].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[1].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[2].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[2].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[2].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[2].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[3].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[3].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[3].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[3].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[3].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[4].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[4].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[4].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[4].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[4].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[5].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[5].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[5].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[5].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[5].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[6].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[6].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[6].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[6].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[6].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[7].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[7].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[7].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[7].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[7].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[8].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.3FF480E8

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[8].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[8].CHM=>/stats22.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[8].CHM=>/stats22.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS22[8].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[1].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C68CAFA4

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[1].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[1].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[1].CHM=>/stats25.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[2].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C68CAFA4

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[2].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[2].CHM=>/stats25.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[2].CHM=>/stats25.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS25[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[1].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C4458BFA

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[1].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[1].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[1].CHM=>/stats28.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[2].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C4458BFA

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[2].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[2].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[2].CHM=>/stats28.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[3].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C4458BFA

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[3].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[3].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[3].CHM=>/stats28.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[3].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[4].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C4458BFA

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[4].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[4].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[4].CHM=>/stats28.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[4].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[5].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.C4458BFA

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[5].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[5].CHM=>/stats28.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[5].CHM=>/stats28.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS28[5].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[1].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.DD1DDA4A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[1].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[1].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[1].CHM=>/stats8.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[2].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Infected with: Generic.XPL.ADODB.DD1DDA4A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[2].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[2].CHM=>/stats8.htm=>(JAVASCRIPT 1)
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[2].CHM=>/stats8.htm
Updated

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\STATS8[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\system[11].x=>(NSIS o)=>zlib_nsis0001
Detected with: Adware.Statmedia.A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\system[11].x=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\system[11].x=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\system[11].x=>(NSIS o)
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[1].CHM=>/track6.htm
Infected with: Generic.XPL.ADODB.BC75E241

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[1].CHM=>/track6.htm
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[1].CHM=>/track6.htm
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[2].CHM=>/track6.htm
Infected with: Generic.XPL.ADODB.BC75E241

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[2].CHM=>/track6.htm
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[2].CHM=>/track6.htm
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK6[2].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK9[1].CHM=>/track9.htm
Infected with: Generic.XPL.ADODB.9EE586B4

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK9[1].CHM=>/track9.htm
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK9[1].CHM=>/track9.htm
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JTBIAZ9\TRACK9[1].CHM
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JZFY89D\xp-adtegrity-728[1].swf=>[SWF command]
Infected with: Trojan.SwfDL.A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JZFY89D\xp-adtegrity-728[1].swf=>[SWF command]
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JZFY89D\xp-adtegrity-728[1].swf=>[SWF command]
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\0JZFY89D\xp-adtegrity-728[1].swf
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\1[1].txt=>(NSIS o)=>zlib_nsis0001
Detected with: Adware.Smartpops.C

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\1[1].txt=>(NSIS o)=>zlib_nsis0001
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\1[1].txt=>(NSIS o)=>zlib_nsis0001
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\1[1].txt=>(NSIS o)
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CA45DW3B.html
Suspected of: Trojan.Clicker.HTML.IFrame.A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CA45DW3B.html
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CA45DW3B.html
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CAB6ORN1.html=>index.html
Suspected of: Trojan.Clicker.HTML.IFrame.A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CAB6ORN1.html=>index.html
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CAB6ORN1.html=>index.html
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\CAB6ORN1.html
Update failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\crs[1].ani
Infected with: Exploit.Win32.MS05-002.Gen

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\crs[1].ani
Disinfection failed

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\crs[1].ani
Deleted

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\index[1].chm=>/index.exe
Infected with: Backdoor.Lamebot.A

C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\1D9VQQBE\index[1].chm=>/index.exe
Disinfection failed

  • 0

#9
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Tell me word for word what errors you are getting and when.
  • 0

#10
lew10281

    Member

  • Topic Starter
  • 48 posts
http://i29.photobuck...10281/Geeks.jpg


That's a screenshot of it. And do you see in the lower right-hand corner where the task bar is? In that yellow box... that's the error that keeps popping up. There are 2 red circles with X's on them that say:




"Your Computer is infected!

It is recommened to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you.

Click here to protect your computer from spyware"



No matter what scan I run, they still pop up and it's annoying. So I'm thinking it's something embedded in the registry. Also my cousin clicked on some [bleep] and now those pop-ups are coming. Also different types of spyware pop-ups are coming up now too. You know, the ones that try to help you get rid of spyware and then automatically start trying to clean spyware. Hope that's not confusing. To answer the "when" question, it's every time I'm online. So 24/7.

You can hit me up on AIM at DLO110 or Yahoo at lew10281. Maybe we can catch each other on here at the same time.

Edited by lew10281, 02 November 2006 - 08:36 PM.

  • 0

#11
Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
  • If the link to SmitRem above is not working try this one.
* Update AVG Anti-Spyware:
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process. Be patient; it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.
* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Run ActiveScan online virus scan here

When the scan is finished, save the results from the scan!

SmitRem creates a log file with the results of its fix in C:\smitfiles.txt. Go to your C drive and locate the smitfiles.txt file. Copy and paste the contents of the smitfiles.txt file in your next reply here along with a new HiJackThis log and the results from ActiveScan.

Edited by flrman1, 03 November 2006 - 12:35 PM.

  • 0

#12
lew10281

    Member

  • Topic Starter
  • 48 posts
I did that and it was fixed... now something else happened again... are you still helping me with this??
  • 0





