HijackThis log (Please check ASAP)

[Ried]

Hi,

Looking better. Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run it's full course:

Perform an online scan with Internet Explorer with Panda ActiveScan

1. Click on located at the bottom of the page.
2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*

Begin the scan by selecting

• If it finds any malware, it will offer you a report.
• Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
• Click on then click

* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------------

Run a new scan with dss.exe.

--------------------------------------------------------------------

Please include the following in your next reply:

Panda results
main.txt

[ChemicalRomance]

Incident Status Location

Adware:adware/whenusearch Not disinfected C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU
Adware:adware/navhelper Not disinfected Windows Registry
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.888.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.adrevolver.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Johnny\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Johnny\Desktop\SDFix\apps\Process.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar[content/overlay.js]
Adware:Adware/SaveNow Not disinfected C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
Adware:Adware/PurityScan Not disinfected C:\QooBox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\w?wexec.exe
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinUninstaller.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.dll.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
Adware:Adware/DeluxeComunications Not disinfected C:\QooBox\Quarantine\C\WINDOWS\retadpu41.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\updater.exe.vir
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\b116.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

[ChemicalRomance]

Deckard's System Scanner v20070426.43
Run by Johnny on 2007-05-22 at 18:20:44
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:20:46 PM, on 5/22/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Johnny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


-- Files created between 2007-04-22 and 2007-05-22 -----------------------------

2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH
2007-05-01 05:18:02 0 d-------- C:\WORD
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 19:37:48 0 d-------- C:\Program Files\Webteh
2007-04-29 15:37:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-04-29 15:37:48 0 d-------- C:\Program Files\CyberLink


-- Find3M Report ---------------------------------------------------------------

2007-05-22 18:03:26 0 d-------- C:\Program Files\MSN Messenger
2007-05-22 18:03:18 0 d-------- C:\Program Files\Messenger
2007-05-22 12:36:23 0 d-------- C:\Program Files\SpeedFan
2007-05-21 16:50:12 0 d-------- C:\Program Files\BitTornado
2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 03:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-25 16:22:15 0 d-------- C:\Program Files\Common Files\?dobe
2007-04-20 03:42:30 0 d-------- C:\Program Files\SpywareBlaster
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-04 00:59:58 0 d-------- C:\Program Files\Real Alternative
2007-04-04 00:59:55 0 d-------- C:\Program Files\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-04-01 00:34:30 0 d-------- C:\Program Files\Foxit Software
2007-03-31 03:41:34 0 d-------- C:\Program Files\Ares
2007-03-29 16:44:44 0 d-------- C:\Program Files\SlySoft
2007-03-29 16:28:56 0 d-------- C:\Program Files\Alcohol Soft
2007-03-29 16:28:01 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-29 16:26:21 0 d-------- C:\Program Files\DVD Shrink
2007-03-23 02:40:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-22 01:09:38 0 d-------- C:\Program Files\XviD
2007-03-22 00:43:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\vlc
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{D80C4E21-C346-4E21-8E64-20746AA20AEB} C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LFAgent"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-22 at 18:21:05 ---------

[Ried]

What happened to your Avast AV? It was there in your first set of logs, but I no longer see it on your system.

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)


Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
*Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following Files and Folder if they still exist.

C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\ whenu_ff.jar
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\ whenu_ff.dll
C:\QooBox
C:\Program Files\Common Files\ ?dobe <--The ? can be any character

--------------------------------------------------------------------

The remaining finds by Panda were also detected by AVG A-S and are still there because 'No Action' was taken when you previously ran AVG A-S. Please check your settings and run it again:

Launch AVG A-S

• On the main screen select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
• Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
• Under "Reports"
  • Select "Automatically generate report after every scan"
  • Un-Select "Only if threats were found"

Now run the scan:

• Click Scanner
• Click on the Scan tab
• Click Complete System Scan to begin scanning.
  Once the scan is complete do the following:
• If you have any infections you will prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
• Once finished, click the Save report button, then click Save Report As and save it to your desktop.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

If you are in need of an AV, here are 2 very good free Antivirus products which are available:

• Avast!
• AVG

Select one of these, or another of your choice. Download, install, update definitions, and run a full system scan.

--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run a scan with dss.exe

--------------------------------------------------------------------

Please include the following in your next reply:

AVG A-S results
Panda results
main.txt

[ChemicalRomance]

I uninstalled it because it kept on stopping me from accepting a download or something.

This is a lot of work...

[ChemicalRomance]

umm, firefox now has a large status bar at the bottom of the screen with a red arrow on it...

[ChemicalRomance]

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:36:13 PM 5/23/2007

+ Scan result:



C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP7\A0001379.exe -> Adware.ManReg : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP7\A0001436.exe -> Adware.ManReg : Cleaned.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP29\A0004160.exe -> Adware.ManReg : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP15\A0003632.dll -> Adware.NavExcel : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP105\A0012140.dll -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015932.exe -> Adware.PurityScan : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP133\A0023902.exe -> Adware.PurityScan : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Customer Support.lnk -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : Cleaned.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP113\A0013433.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP113\A0013437.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP114\A0013504.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP133\A0023900.dll -> Adware.SaveNow : Cleaned.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP114\A0013498.exe -> Adware.SaveNow : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015934.exe -> Adware.Softomate : Cleaned.
C:\WINDOWS\b116.exe -> Adware.Softomate : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP116\A0013611.exe -> Backdoor.IRCBot.aak : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015969.exe -> Backdoor.IRCBot.aak : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015980.exe -> Backdoor.IRCBot.aak : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP108\A0013237.exe -> Downloader.Age : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP103\A0011069.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP118\A0013677.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP124\A0015819.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015927.exe -> Downloader.Agent.bls : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015928.exe -> Downloader.Agent.bls : Cleaned.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP45\A0008737.exe -> Downloader.Agent.bls : Cleaned.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP44\A0008683.exe -> Downloader.Harnig.bq : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP105\A0012153.exe -> Downloader.PurityScan.eh : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0014712.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0014726.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0015706.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0015711.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015970.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015971.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015981.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015982.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP128\A0022221.exe -> Proxy.Slaper.e : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP46\A0008752.exe -> Proxy.Slaper.e : Cleaned.
:mozilla.103:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.104:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.105:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.106:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.107:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.562:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.563:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.82:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.84:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.85:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.87:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.93:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.572:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.573:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.574:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.575:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.12:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Burstbeacon : Cleaned.
:mozilla.10:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.11:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.13:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Johnny\Cookies\johnny@www.burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.138:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.139:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.140:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.141:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.142:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.143:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.144:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.74:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.75:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.263:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.264:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.265:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.266:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.267:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.268:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.269:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.270:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.271:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.272:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.287:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.288:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned.
:mozilla.53:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.54:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.55:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.56:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.276:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Dealtime : Cleaned.
:mozilla.315:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.338:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.462:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.493:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.503:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.553:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.554:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.555:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.556:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.557:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.408:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.409:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Gemius : Cleaned.
:mozilla.300:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.301:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
:mozilla.371:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.337:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Paypal : Cleaned.
:mozilla.309:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.310:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.311:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.312:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.313:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.314:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.351:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.352:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.353:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.354:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.355:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.356:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.357:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.358:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.100:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.94:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.95:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.96:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.97:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.98:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.99:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.25:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.26:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.27:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.28:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.108:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.41:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.42:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.43:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.44:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.45:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.46:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.49:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.47:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.48:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.50:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.51:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.52:C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Program Files\Alcohol Soft\Alcohol 120\crack.exe -> Trojan.Feutel.av : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP25\A0004020.exe -> Trojan.Feutel.av : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015929.dll -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015930.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015931.exe -> Trojan.Rond : Cleaned.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP126\A0016127.exe -> Trojan.Small : Cleaned.


::Report end

[ChemicalRomance]

Incident Status Location

Adware:adware/navhelper Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.888.com/]
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.go.com/]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Johnny\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Johnny\Desktop\SDFix\apps\Process.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe

[ChemicalRomance]

Deckard's System Scanner v20070426.43
Run by Johnny on 2007-05-23 at 17:43:23
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:43:25 PM, on 5/23/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\internet explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Johnny.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


-- Files created between 2007-04-23 and 2007-05-23 -----------------------------

2007-05-23 00:33:54 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-05-23 00:33:36 0 d-------- C:\Program Files\QuickTime
2007-05-23 00:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH
2007-05-01 05:18:02 0 d-------- C:\WORD
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 19:37:48 0 d-------- C:\Program Files\Webteh
2007-04-29 15:37:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-04-29 15:37:48 0 d-------- C:\Program Files\CyberLink


-- Find3M Report ---------------------------------------------------------------

2007-05-23 17:39:01 0 d-------- C:\Program Files\SpeedFan
2007-05-23 00:34:07 0 d-------- C:\Program Files\Real Alternative
2007-05-23 00:34:03 0 d-------- C:\Program Files\Media Player Classic
2007-05-22 18:03:26 0 d-------- C:\Program Files\MSN Messenger
2007-05-22 18:03:18 0 d-------- C:\Program Files\Messenger
2007-05-21 16:50:12 0 d-------- C:\Program Files\BitTornado
2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 03:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-20 03:42:30 0 d-------- C:\Program Files\SpywareBlaster
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-04-01 00:34:30 0 d-------- C:\Program Files\Foxit Software
2007-03-31 03:41:34 0 d-------- C:\Program Files\Ares
2007-03-29 16:44:44 0 d-------- C:\Program Files\SlySoft
2007-03-29 16:28:56 0 d-------- C:\Program Files\Alcohol Soft
2007-03-29 16:28:01 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-29 16:26:21 0 d-------- C:\Program Files\DVD Shrink
2007-03-23 02:40:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LFAgent"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-23 at 17:43:43 ---------

[Ried]

In Firefox, click Tools>Add-ons. Do you see WhenUSearch listed there? If so, Uninstall it.

There still is no Anti Virus on your system, this must be resolved--now. Connecting to the Internet without antivirus protection is a "Welcome" mat for malware and we're wasting time trying to clean it, or keep it clean especially as you engage in P2P file sharing.

Install and AV, then run a new scan with HijackThis and post it here.

[ChemicalRomance]

what are you talking about? i have AVG...

[Ried]

You have AVG Anti Spyware, not the Anti Virus. While the names are similar, they are not the same--each does something different.

Quote:

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

[ChemicalRomance]

Oh, okay. Oh well, it doesn't matter now anyway as I've got 'avast!' back on again.

Just out of curiosity, could I get AVG AV through updating AVG AS? Because I tried updating AVG AS last night, but just kept on getting connection problems with the server.



Logfile of HijackThis v1.99.1
Scan saved at 2:56:18 PM, on 5/24/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\RunOnce: [aswAhAScr.dll] C:\PROGRA~1\ALWILS~1\Avast4\ASWREG~1.EXE "C:\Program Files\Alwil Software\Avast4\AhAScr.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

[Ried]

Hi,

Quote:

Just out of curiosity, could I get AVG AV through updating AVG AS? Because I tried updating AVG AS last night, but just kept on getting connection problems with the server.

No--they are 2 separate programs. Keep trying to update the AVG Anti Spyware--try at different times of the day and see if you can't catch it when it's not so busy. If you still have difficulty getting the updates, use this link for manual updates for AVG AS:

http://download.ewido.net/avgas-sign...ll-current.exe

Download and execute the file, it will install to the default install directory.

These logs are clean, how is your system behaving? What ever happened with the status bar in Firefox?

[ChemicalRomance]

everything seems to be running fine, and firefox's status bar is back to normal.

thank you very much for all of your help, ried. it's very appreciated. take care.

[Ried]

You're quite welcome, ChemicalRomance.

We just have some final steps to take care of here...

Your logs are clean. If there aren't any more problems, please continue with these final instructions and helpful links:

Reset hidden/system files and folders
===============
Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Deselect the Show hidden files and folders option.
* Select the Hide file extensions for known types option.
* Select the Hide protected operating system files option.
Click Yes to confirm.
Click OK.

Ensure Windows Auto Update is Enabled
*Go to Start>Run - type wuaucpl.cpl
*Tick on the checkbox - "Automatically download the updates, and install them on the schedule that I specify".
Click on "OK".

Create a new System Restore point
Click Start >> Run - type SYSDM.CPL & press Enter
* Select the System Restore Tab
* Tick on the checkbox - "Turn off System Restore on all drives"
Click Apply
* Then untick the same checkbox & click OK
This will prevent any reinfection from previous restore points.


To help protect your computer in the future I recommend that you get the following free programs if you do not already have them:

McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.

SpywareBlaster 3.5.1 to help prevent spyware from installing in the first place. Install & update SpywareBlaster with the latest definitions. After you have updated, click the button - enable protection for all unprotected items.

Spyware Guard to catch and block spyware before it can execute.

IE-SPYAD.EXE to block access to malicious websites so you cannot be redirected to them from an infected site or email. IE/Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impairs attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. This is a self-extracting .ZIP file, save it to your desktop. Once downloaded, double-click on it to extract the files inside (default dir is C:\IE-SPYAD)

• Now navigate to C:\ie-spyad. Double click to open it.
• From within the folder, double-click install.bat
• Select Option #2 - Install the new IE-SPYAD list, by typing 2
• Then return to the main menu.
• Select option #4 - Add the old porn sites domain, by typing 4

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:

PC Safety and Security--What Do I Need?

HOW DID I GET INFECTED IN THE FIRST PLACE? by Tony Klein
THE ANTI-SPYWARE TUTORIAL
MAKING INTERNET EXPLORER SAFER
Understanding and Using Firewalls

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

-----------------------------------------------------

Follow the list above and the potential for infection will reduce dramatically.

[ChemicalRomance]

oh well, it looks like i've got problems again already... among a couple of smaller problems (i.e. hijackthis locking up whenever i load it!), my computer has been going to the "physical memory dumping" screen whenever i try and connect to the net...

[Ried]

Hi,

If you installed IESpyAD, it is normal for Hijackthis to 'stall' a bit while it reads all those entries. Wait it out and the tool will finish it's scan.

What I need now though, is for you to run a new scan with dss.exe and post the main.txt here for my review.

[ChemicalRomance]

that's a relief.



Deckard's System Scanner v20070426.43
Run by Johnny on 2007-05-31 at 14:11:46
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny.exe) ----------------------------------------------

HijackThis failed to provide a log after three minutes; running clone instead.
-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of HijackThis v1.99.1
Scan saved at 2007-05-31 14:14:48
Platform: Windows XP Service Pack 1 (5.01.2600)
MSIE: Internet Explorer (6.0.2800.1106)

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\Program Files\HijackThis\Johnny.exe

O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} () - http://download.microsoft.com/downlo...0C/wmv9dmo.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub...sh/swflash.cab
O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
O23 - Service: avast! Antivirus - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
O23 - Service: avast! Mail Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
O23 - Service: avast! Web Scanner - ALWIL Software - "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Microsoft Corp., Veritas Software - C:\WINDOWS\System32\dmadmin.exe /com
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


-- Files created between 2007-04-30 and 2007-05-31 -----------------------------

2007-05-30 22:35:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\Publish Providers
2007-05-30 22:35:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\NetMedia Providers
2007-05-30 22:31:58 0 d-------- C:\Program Files\Sonic Foundry
2007-05-30 22:31:21 0 d-------- C:\Program Files\Sonic Foundry Setup
2007-05-30 22:30:35 0 d-------- C:\Video Software
2007-05-30 22:29:11 755200 --a------ C:\WINDOWS\System32\Ir50_32.dll <Not Verified; Intel Corporation; Intel Indeo® video 5.10>
2007-05-30 22:28:42 305152 --a------ C:\WINDOWS\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2007-05-30 22:21:28 0 d-------- C:\Program Files\Pinnacle
2007-05-30 22:15:09 0 d-------- C:\WINDOWS\RegisteredPackages
2007-05-30 22:14:50 997888 --a------ C:\WINDOWS\System32\wmvdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:14:50 892416 --a------ C:\WINDOWS\System32\wmspdmoe.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:14:50 1111040 --a------ C:\WINDOWS\System32\wmsdmoe2.dll <Not Verified; Microsoft Corporation; Microsoft® Windows Media Services>
2007-05-30 22:11:50 151552 --a------ C:\WINDOWS\System32\mgxoschk.dll <Not Verified; MAGIX AG; >
2007-05-30 22:10:59 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2007-05-30 22:10:52 0 d-------- C:\Documents and Settings\Johnny\WINDOWS
2007-05-30 21:49:37 0 d-------- C:\Pana_USB
2007-05-30 21:40:51 0 d-------- C:\Program Files\Panasonic
2007-05-30 16:36:19 0 d-------- C:\Documents and Settings\Johnny\Application Data\dvdcss
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\Johnny\Application Data\SiteAdvisor
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2007-05-29 17:46:46 0 d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2007-05-29 16:49:38 21312 --a------ C:\WINDOWS\choice.exe
2007-05-29 16:49:15 0 d-------- C:\ie-spyad
2007-05-28 17:00:48 0 d-------- C:\CHILDREN_OF_MEN
2007-05-24 12:53:42 0 d-------- C:\Documents and Settings\Johnny\Application Data\Leadertech
2007-05-24 12:53:20 0 d-------- C:\Documents and Settings\Johnny\Application Data\Sonic
2007-05-24 12:53:17 0 d-------- C:\Program Files\Common Files\Sonic
2007-05-24 12:52:12 0 d-------- C:\Program Files\Sonic
2007-05-24 12:50:13 0 d-------- C:\Program Files\SpywareGuard
2007-05-23 00:33:54 86016 --a------ C:\WINDOWS\unvise32qt.exe <Not Verified; MindVision; Installer VISE 2.8.3>
2007-05-23 00:33:36 0 d-------- C:\Program Files\QuickTime
2007-05-23 00:33:29 0 d-------- C:\Documents and Settings\All Users\Application Data\QuickTime
2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH
2007-05-01 05:18:02 0 d-------- C:\WORD
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware


-- Find3M Report ---------------------------------------------------------------

2007-05-30 22:15:10 0 d-------- C:\Program Files\Movie Maker
2007-05-30 21:51:01 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-05-29 16:38:18 0 d-------- C:\Program Files\SpywareBlaster
2007-05-23 20:34:55 0 d-------- C:\Program Files\MSN Messenger
2007-05-23 20:34:48 0 d-------- C:\Program Files\Messenger
2007-05-23 17:39:01 0 d-------- C:\Program Files\SpeedFan
2007-05-23 00:34:07 0 d-------- C:\Program Files\Real Alternative
2007-05-23 00:34:03 0 d-------- C:\Program Files\Media Player Classic
2007-05-21 16:50:12 0 d-------- C:\Program Files\BitTornado
2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 05:41:52 0 d-------- C:\Program Files\Webteh
2007-05-01 05:41:51 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 15:37:49 0 d-------- C:\Program Files\CyberLink
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-04-01 00:34:30 0 d-------- C:\Program Files\Foxit Software
2007-03-31 03:41:34 0 d-------- C:\Program Files\Ares
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{4A368E80-174F-4872-96B5-0B27DDD11DB2} C:\Program Files\SpywareGuard\dlprotect.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LFAgent"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-31 at 14:18:04 ---------

[Ried]

I'm not seeing anything new here.

Quote:

my computer has been going to the "physical memory dumping" screen whenever i try and connect to the net...

Is this still happening? Does it happen each and every time? Can you eventually connect to the internet?