Old 05-07-2007, 06:36 AM   #1 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


HijackThis log (Please check ASAP)

Logfile of HijackThis v1.99.1
Scan saved at 9:53:14 PM, on 5/7/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\system32\ssc.exe
C:\WINDOWS\retadpu41.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [johnj315] C:\WINDOWS\system32\srvc.exe
O4 - HKLM\..\Run: [sixer5] C:\WINDOWS\system32\ssc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe 61A847B5BBF72816338B2B27128065E9C084320161C4661227A755E9C2933154389A28452DA545E9B1894E754BE54C29159A7DA682D7735667D926033AAC01F09DDF7618419154310B87659CA5E04E5067DF690232BC15E2DCD66A47
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [johnj315] C:\WINDOWS\system32\srvc.exe
O4 - HKCU\..\Run: [sixer5] C:\WINDOWS\system32\ssc.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
ChemicalRomance is offline  

Old 05-10-2007, 02:50 AM   #2 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

*Bump*
ChemicalRomance is offline  
Old 05-10-2007, 11:43 AM   #3 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Re: HijackThis log (Please check ASAP)

Hello ChemicalRomance and welcome to TSF,

Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

Also be sure to carry out the instructions in the sequence listed below.

***************************************************

Download SDFix and save it to your Desktop. Double click SDFix.exe and it will extract the files to %systemdrive% -(Drive that contains the Windows Directory, typically C:\SDFix)

--------------------------------------------------------------------

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you which I will need in your next reply.

Note:
Do not mouseclick combofix's window while it's running. That may cause it to stall


--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt. I'll need that in your next reply as well.

--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

C:\SDFix\Report.txt
C:\ComboFix.txt
New HijackThis log
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 05-12-2007, 04:17 AM   #4 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

"Johnny" - 2007-05-12 17:18:12 Service Pack 1
ComboFix 07-05.08.3.V - Running from: "C:\Documents and Settings\Johnny\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
C:\WINDOWS\retadpu41.exe
C:\WINDOWS\updater.exe
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\outerinfo\OiUninstaller.exe
C:\Program Files\outerinfo\outerinfo.ico
C:\Program Files\outerinfo\Terms.rtf
C:\WINDOWS\b122.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\outerinfo
~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Johnny
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\w?wexec.exe


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-12 ))))))))))))))))))))))))))))))))))


2007-05-07 21:56 2,560 ---hs---- C:\WINDOWS\system32\helperssc.exe
2007-05-07 20:52 2,560 ---hs---- C:\WINDOWS\system32\helpersrvc.exe
2007-05-01 05:18 <DIR> d-------- C:\WORD
2007-05-01 03:16 <DIR> d-------- C:\Program Files\GPSoftware
2007-04-29 19:37 <DIR> d-------- C:\Program Files\Webteh
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer Pro
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer
2007-04-29 15:37 <DIR> d-------- C:\Program Files\CyberLink
2007-04-29 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-04-20 11:30 2 --a------ C:\WINDOWS\system32\wintsvtr32.exe
2007-04-20 11:27 <DIR> d-------- C:\Program Files\Common Files\àdobe
2007-04-20 03:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-04-17 10:21 94,424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2007-04-17 10:21 85,952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2007-04-17 10:21 43,176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2007-04-17 10:21 31,560 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2007-04-17 10:21 23,352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2007-04-17 10:20 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2007-04-17 10:20 689,280 --a------ C:\WINDOWS\system32\aswBoot.exe
2007-04-17 10:20 1,060,864 --a------ C:\WINDOWS\system32\MFC71.dll
2007-04-17 10:20 <DIR> d-------- C:\Program Files\Alwil Software
2007-04-16 12:07 947,472 --a------ C:\WINDOWS\system32\msjava.dll
2007-04-16 12:07 63,248 --a------ C:\WINDOWS\system32\javaprxy.dll
2007-04-16 12:07 6,550 --a------ C:\WINDOWS\jautoexp.dat
2007-04-16 12:07 49,424 --a------ C:\WINDOWS\system32\clspack.exe
2007-04-16 12:07 46,352 --a------ C:\WINDOWS\setdebug.exe
2007-04-16 12:07 404,752 --a------ C:\WINDOWS\system32\javart.dll
2007-04-16 12:07 313,856 --a------ C:\WINDOWS\system32\dx3j.dll
2007-04-16 12:07 286,992 --a------ C:\WINDOWS\system32\vmhelper.dll
2007-04-16 12:07 21,264 --a------ C:\WINDOWS\system32\msjdbc10.dll
2007-04-16 12:07 187,152 --a------ C:\WINDOWS\system32\javacypt.dll
2007-04-16 12:07 172,304 --a------ C:\WINDOWS\system32\jview.exe
2007-04-16 12:07 171,792 --a------ C:\WINDOWS\system32\wjview.exe
2007-04-16 12:07 171,280 --a------ C:\WINDOWS\system32\jit.dll
2007-04-16 12:07 154,384 --a------ C:\WINDOWS\system32\msawt.dll
2007-04-16 12:07 15,120 --a------ C:\WINDOWS\system32\jdbgmgr.exe
2007-04-16 12:07 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-04-16 12:07 113 --a------ C:\WINDOWS\system32\zonedon.reg
2007-04-16 12:07 113 --a------ C:\WINDOWS\system32\zonedoff.reg
2007-04-14 20:07 <DIR> d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07 <DIR> d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-14 13:37 299 ---hs---- C:\WINDOWS\system32\ssc.exe
2007-04-13 15:42 <DIR> d-------- C:\Program Files\WinAVIVideoConverter


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-08 03:52:17 304 --sh--w C:\WINDOWS\system32\srvc.exe
2007-05-01 10:16:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 20:46:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\uTorrent
2007-04-25 23:22:15 -------- d-----w C:\Program Files\Common Files\?dobe
2007-04-22 21:52:28 -------- d-----w C:\Program Files\SpeedFan
2007-04-20 10:42:30 -------- d-----w C:\Program Files\SpywareBlaster
2007-04-16 1929 -------- d-----w C:\Program Files\Messenger
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Real
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Media Player Classic
2007-04-04 07:59:58 -------- d-----w C:\Program Files\Real Alternative
2007-04-04 07:59:55 -------- d-----w C:\Program Files\Media Player Classic
2007-04-01 08:07:35 3,712 ----a-w C:\WINDOWS\system32\socketlock.sys
2007-04-01 07:34:30 -------- d-----w C:\Program Files\Foxit Software
2007-03-31 10:41:34 -------- d-----w C:\Program Files\Ares
2007-03-29 23:44:44 -------- d-----w C:\Program Files\SlySoft
2007-03-29 23:28:56 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-29 23:28:01 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-29 23:26:21 -------- d-----w C:\Program Files\DVD Shrink
2007-03-28 12:28:40 -------- d-----w C:\Program Files\Winamp
2007-03-24 01:42:51 -------- d-----w C:\Program Files\NavExcel Search Toolbar
2007-03-23 09:40:12 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-22 08:09:38 -------- d-----w C:\Program Files\XviD
2007-03-22 07:43:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\vlc
2007-03-22 00:56:06 -------- d-----w C:\Program Files\DivX
2007-03-22 00:51:37 -------- d-----w C:\Program Files\RegistryFix
2007-03-22 00:00:00 -------- d-----w C:\Program Files\Kerio
2007-03-21 23:59:48 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-21 12:12:09 -------- d-----w C:\Program Files\MediaMonkey
2007-03-21 11:49:22 -------- d-----w C:\Program Files\VideoLAN
2007-03-21 11:40:35 -------- d-----w C:\Program Files\Hercules
2007-03-21 11:20:59 -------- d-----w C:\Program Files\PestPatrol
2007-03-21 11:20:30 -------- d-----w C:\Program Files\VERITAS Software
2007-03-21 11:00:13 -------- d-----w C:\Program Files\Ahead
2007-03-21 11:00:12 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-21 09:01:42 -------- d-----w C:\Program Files\Anti Trojan Elite
2007-03-21 09:01:21 -------- d-----w C:\Program Files\RegistryCleanerXP
2007-03-21 09:01:18 -------- d-----w C:\Program Files\Network Associates
2007-03-21 04:39:04 63,488 --sha-w C:\WINDOWS\system32\urdvxc.exe
2007-03-21 03:46:23 64,281 ----a-w C:\WINDOWS\system32\dload.exe
2007-03-21 03:39:14 -------- d-----w C:\Program Files\MSN Messenger
2007-03-21 02:44:41 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\RegUpdate
2007-03-20 09:57:50 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\.BitTornado
2007-03-20 09:56:41 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-20 09:56:35 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-03-20 09:55:59 -------- d-----w C:\Program Files\BitTornado
2007-03-20 09:24:51 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-20 09:24:29 0 --sha-r C:\MSDOS.SYS
2007-03-20 09:24:29 0 --sha-r C:\IO.SYS
2007-03-20 09:24:29 0 ----a-w C:\CONFIG.SYS
2007-03-20 09:24:29 0 ----a-w C:\AUTOEXEC.BAT
2007-03-20 09:23:09 -------- d-----w C:\Program Files\Online Services
2007-03-20 09:22:35 -------- d-----w C:\Program Files\Movie Maker
2007-03-20 09:21:57 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-20 09:20:56 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-20 09:20:20 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-20 09:20:17 -------- d-----w C:\Program Files\Windows NT
2007-03-20 01:11:07 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-20 01:11:03 -------- d-----w C:\Program Files\Common Files\SpeechEngines


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
"{D80C4E21-C346-4E21-8E64-20746AA20AEB}"="C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll" [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"johnj315"="C:\\WINDOWS\\system32\\srvc.exe"
"sixer5"="C:\\WINDOWS\\system32\\ssc.exe"
"LFAgent"=""
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"johnj315"="C:\\WINDOWS\\system32\\srvc.exe"
"sixer5"="C:\\WINDOWS\\system32\\ssc.exe"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages msv1_0\0\0
Security Packages kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages scecli\0\0




[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService DnsCache\0\0
rpcss RpcSs\0\0
imgsvc StiSvc\0\0
termsvcs TermService\0\0

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-12 17:45:32
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


********************************************************************

Completion time: 2007-05-12 17:45:37
C:\ComboFix-quarantined-files.txt ... 2007-05-12 17:45
ChemicalRomance is offline  
Old 05-12-2007, 04:18 AM   #5 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

SDFix: Version 1.83

Run by Johnny - Sat 05/12/2007 - 18:55:21.60

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Johnny\Desktop\SDFix

Safe Mode:
Checking Services:

Name:
MSWindows

ImagePath:
"C:\WINDOWS\System32\urdvxc.exe" /service

MSWindows - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\SYSTEM32\DLOAD.EXE - Deleted
C:\WINDOWS\updater.exe.tmp - Deleted
C:\WINDOWS\system32\helperssc.exe - Deleted
C:\WINDOWS\system32\helpersrvc.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\srvc.exe - Deleted
C:\WINDOWS\system32\ssc.exe - Deleted
C:\WINDOWS\system32\urdvxc.exe - Deleted



Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------

Backups Folder: - C:\DOCUME~1\Johnny\Desktop\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes:


Finished
ChemicalRomance is offline  
Old 05-12-2007, 04:19 AM   #6 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Logfile of HijackThis v1.99.1
Scan saved at 7:38:21 PM, on 5/12/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
ChemicalRomance is offline  
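
Added example, not part of the original thread or of any tool used in it: a short Python check that compares the first and the post-cleanup HijackThis logs, lists the autostart entries that disappeared, and confirms each one's target file also appears in the ComboFix/SDFix deletion lists. The sample lines are excerpted from the logs above (the long hex argument on the `runner1` entry is omitted), and the function names are hypothetical.

```python
import re

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# First Windows path in an entry that ends in a loadable-file extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:exe|dll|ocx|cpl)\b', re.IGNORECASE)

# Excerpt of the first log in the thread (before cleanup).
BEFORE = r"""
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [johnj315] C:\WINDOWS\system32\srvc.exe
O4 - HKLM\..\Run: [sixer5] C:\WINDOWS\system32\ssc.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\retadpu41.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
"""

# Excerpt of the log taken after ComboFix and SDFix ran.
AFTER = r"""
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Paths the ComboFix and SDFix reports in the thread list as deleted.
DELETED = r"""
C:\WINDOWS\retadpu41.exe
C:\Program Files\ipwindows\ipwins.exe
C:\WINDOWS\system32\srvc.exe
C:\WINDOWS\system32\ssc.exe
C:\WINDOWS\system32\urdvxc.exe
"""


def parse_entries(log_text):
    """Return the set of (section, detail) tuples found in a HijackThis log."""
    entries = set()
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def target_path(detail):
    """Extract the lower-cased file path an entry points at, or None."""
    match = PATH_RE.search(detail)
    return match.group(0).lower() if match else None


def review(before_log, after_log, deleted_report):
    """Diff two logs and cross-check removed entries against deleted files."""
    before, after = parse_entries(before_log), parse_entries(after_log)
    deleted = {ln.strip().lower() for ln in deleted_report.splitlines() if ln.strip()}

    removed = []
    for section, detail in sorted(before - after):
        path = target_path(detail)
        removed.append({
            "section": section,
            "detail": detail,
            "path": path,
            # True only when the file itself is reported deleted as well.
            "file_deleted": path in deleted,
        })

    return {
        "removed": removed,
        # Entries that survived cleanup but point at a file that is gone.
        "orphaned": sorted(e for e in after if e[1].endswith("(file missing)")),
        # Anything new after cleanup deserves a second look.
        "added": sorted(after - before),
    }


if __name__ == "__main__":
    result = review(BEFORE, AFTER, DELETED)
    for item in result["removed"]:
        state = "file deleted" if item["file_deleted"] else "FILE NOT CONFIRMED DELETED"
        print(f'removed {item["section"]}: {item["path"]} ({state})')
    for section, detail in result["orphaned"]:
        print(f"orphaned {section}: {detail}")
    for section, detail in result["added"]:
        print(f"new {section}: {detail}")
```

A removed autostart entry whose file is not confirmed deleted, or any entry that is new in the second log, is what to raise before calling the machine clean.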
Old 05-12-2007, 08:12 AM   #7 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Re: HijackThis log (Please check ASAP)

Let's do a sweep and search for any remnants that may still be lurking.


Please copy this page to Notepad and save to your desktop for reference as you will not have any browsers open while you are carrying out portions of these instructions.

***************************************************

Download AVG Anti Spyware

Use the link at the bottom of the page under "AVG Anti-Spyware Free for Windows"

  • Install AVG Anti Spyware
  • Double-click the icon on Desktop to launch AVG
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
When you have finished updating, EXIT AVG Anti Spyware. Do Not run a scan just yet, we will shortly.

--------------------------------------------------------------------

Please download ATF Cleaner by Atribune.

--------------------------------------------------------------------

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------


Please ensure Hidden files and folders are viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File

C:\WINDOWS\SYSTEM32\WINTSVTR32.EXE


--------------------------------------------------------------------

Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

--------------------------------------------------------------------

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
Run AVG Anti-Spyware with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, **Please ensure it is set to Quarantine then select "Apply all actions"
  • Once finished, click the Save report button, then click Save Report As and save it to your desktop. (make sure to remember where you saved that file, this is important).
**AVG Anti-Spyware is compatible with most AV and anti-spyware products, and the free version will continue to be useful as a second anti-malware scanner.

--------------------------------------------------------------------

Reboot into Normal Mode.

--------------------------------------------------------------------

Please run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:

Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click on located at the bottom of the page.
  2. A "pop up" window will appear. * Please ensure that your pop up blocker doesn't block it *
  3. Enter your e-mail address, country, and state & click "Free Online Scan" *The download of the 8 MB Panda's ActiveX control will take place*
Begin the scan by selecting
  • If it finds any malware, it will offer you a report.
  • Please ignore any entry it finds and the offer to buy the program to remove the entry, as we will address this later.
  • Click on then click
* You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


--------------------------------------------------------------------

Run a new scan with HijackThis and save the log.

--------------------------------------------------------------------

Please include the following in your next reply:

AVG Anti-Spyware results
Panda results
New HijackThis log


Please let me know how the system is behaving--what issues remain?
Ried is offline  
Old 05-15-2007, 12:45 PM   #8 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:21:24 AM 5/14/2007

+ Scan result:



C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP7\A0001379.exe -> Adware.ManReg : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP7\A0001436.exe -> Adware.ManReg : No action taken.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP29\A0004160.exe -> Adware.ManReg : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP15\A0003632.dll -> Adware.NavExcel : No action taken.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\OiUninstaller.exe.vir -> Adware.PurityScan : No action taken.
C:\QooBox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\wοwexec.exe -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP105\A0012140.dll -> Adware.PurityScan : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015932.exe -> Adware.PurityScan : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Customer Support.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\Uninstall Instructions.lnk -> Adware.SaveNow : No action taken.
C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU\WhenU.com Website.url -> Adware.SaveNow : No action taken.
C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP113\A0013433.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP113\A0013437.exe -> Adware.SaveNow : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP114\A0013504.exe -> Adware.SaveNow : No action taken.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP114\A0013498.exe -> Adware.SaveNow : No action taken.
C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015934.exe -> Adware.Softomate : No action taken.
C:\WINDOWS\b116.exe -> Adware.Softomate : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP116\A0013611.exe -> Backdoor.IRCBot.aak : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015969.exe -> Backdoor.IRCBot.aak : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015980.exe -> Backdoor.IRCBot.aak : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP108\A0013237.exe -> Downloader.Age : No action taken.
C:\QooBox\Quarantine\C\WINDOWS\retadpu41.exe.vir -> Downloader.Agent.bls : No action taken.
C:\QooBox\Quarantine\C\WINDOWS\updater.exe.vir -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP103\A0011069.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP118\A0013677.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP124\A0015819.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015927.exe -> Downloader.Agent.bls : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015928.exe -> Downloader.Agent.bls : No action taken.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP45\A0008737.exe -> Downloader.Agent.bls : No action taken.
D:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP44\A0008683.exe -> Downloader.Harnig.bq : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP105\A0012153.exe -> Downloader.PurityScan.eh : No action taken.
C:\Documents and Settings\Johnny\3.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0014712.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0014726.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0015706.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP120\A0015711.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015970.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015971.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015981.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015982.exe -> Proxy.Slaper.e : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP46\A0008752.exe -> Proxy.Slaper.e : No action taken.
C:\Program Files\Alcohol Soft\Alcohol 120\crack.exe -> Trojan.Feutel.av : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP25\A0004020.exe -> Trojan.Feutel.av : No action taken.
C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir -> Trojan.Rond : No action taken.
C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.dll.vir -> Trojan.Rond : No action taken.
C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.exe.vir -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015929.dll -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015930.exe -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP125\A0015931.exe -> Trojan.Rond : No action taken.
C:\System Volume Information\_restore{518D3577-F666-41D3-AAFD-0E325CE00446}\RP126\A0016127.exe -> Trojan.Small : No action taken.


::Report end
ChemicalRomance is offline  
Old 05-15-2007, 12:50 PM   #9 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Incident Status Location

Virus:W32/Rahack.gen Disinfected Operating system
Adware:adware/whenusearch Not disinfected C:\Documents and Settings\Johnny\Start Menu\Programs\WhenU
Adware:adware/navhelper Not disinfected c:\program files\NavExcel Search Toolbar
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\iPower\khqljben.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\iPower\lsjkcbbl.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\iPower\start.htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\All Users\Application Data\CyberLink\PowerDVD\iPower\start_temp.htm
Virus:Trj/MailBot.CN Disinfected C:\Documents and Settings\Johnny\3.exe
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.bs.serving-sys.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.ad.yieldmanager.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.go.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Johnny\Application Data\Mozilla\Firefox\Profiles\mau99txl.default\cookies.txt[.yadro.ru/]
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Johnny\Desktop\bsplayer220.949_clip.exe[BSplayer_WhenUSave_InstallerInst.exe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Johnny\Desktop\ComboFix.exe[ComboFixT\nircmd.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Johnny\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\forum[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\forum[2].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\lkrcqeec.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\loading[1].html
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\login_security_tips[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\ltletqcj.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\nvbhrrnv.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\pop_preview[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\pop_preview[2].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\qnkrcsbe.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\qvlsltrq.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\search[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\search[2].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\sssneqtx.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\topic[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\04ZCSQX4\tsenbjlr.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\forum[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\jhhrchtj.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\jwjtrjej.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\jwlknthn.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\kjsbbrkt.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\krwqrnhk.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\ljsnbbbj.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\nkteqjnk.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\pop_preview[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\post[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\post[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\post_info[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\propaganda[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\search[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\search[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\search[3].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\topic[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\topic[2].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\txkwjvnj.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\K9ANO1ER\wstetnhs.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\active[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\chxhjllj.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\forum[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\hlvrqnkt.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\kjvtsehr.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\ktheltkr.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\post_info[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\post_info[2].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\rkktelhn.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\search[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\search[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\search[3].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\search[4].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\LG53DKFA\search[5].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\0,,86373,00[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\activescan[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\active[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\active[3].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\ads[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\ascan_6[1].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\jkjrlkek.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\jrqbejjb.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\jttsrrct.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\kblebhlj.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\lleesvlb.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\nlezqszn.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\nrvklrnh.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\pop_preview[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\post[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\post[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\post_info[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\post_info[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\search[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\search[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\search[3].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\sveenvlz.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\tnbhtvkh.exe
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\topic[1].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\topic[2].htm
Virus:HTML/Instancob.A Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\topic[3].htm
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\vbkhchkv.exe
Virus:W32/Rahack.gen Disinfected C:\Documents and Settings\Johnny\Local Settings\Temporary Internet Files\Content.IE5\RADLFBPC\vjtkvqbv.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Anti Trojan Elite\regpage\snkwsbhk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\bcwvzwbh.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\bhrhnkht.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\bnbtzwxt.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\brvrjrke.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\bzqlkhrh.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Citrus Punch.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Clear Day.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\czjevcet.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\ehbebsrn.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\elwtjnbj.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Fiesta.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Glacier.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Ivy.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Leaves.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Maize.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Nature.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Network Blitz.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\njbsvtll.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\nsqjttkv.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Pie Charts.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\qjllsjhl.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Sunflower.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Sweets.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\Technical.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\tlcwjrwt.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\vkjljzrn.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\Microsoft Shared\Stationery\xrljqjzn.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Common Files\System\ado\MDACReadme.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\Common Files\System\ado\tsektjkj.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Acknowledgements.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Contents.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\DVD Shrink Help.htm
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\DVD Shrink.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\ecwctehh.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Guides.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\hnljtljr.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Introduction.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\jhxzlbhr.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\jtthkxlr.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\License.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\nzzwhxhj.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Quality.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\rwreenkt.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\tbhjrnec.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\tzlezlxh.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\DVD Shrink\Web\Version History.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\DVD Shrink\Web\wvrqehet.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\before.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\command.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\krklbsjk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\krnetsez.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\nrjtlnst.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\process.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\tnjcljsl.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\usage.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\de\xnklrnjx.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\before.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\command.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\jkttwctn.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\process.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\qhcktssn.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\rchlnrwh.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\tznqkqtz.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\usage.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\en\zbeclreh.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\before.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\bknhwbhz.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\command.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\jkjkkqch.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\process.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\trxnjkks.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\usage.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\vrbzlqbk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\es\whtzezwk.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\before.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\bjxtlhke.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\command.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\kvxvreje.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\nhnjetwc.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\process.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\usage.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\vhqjvzbc.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\fr\vshlkntv.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\before.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\brwbcjvk.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\command.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\hejejxkk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\hzlltbes.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\nlellrkx.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\process.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\usage.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\it\zntskkks.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\1st.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\beqntbhj.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\blwskzet.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\bwnqhtbc.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\clonedvd01.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\clonedvd02.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\clonedvd03.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\clonedvd04.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\contact.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\copytitle01.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\copytitle02.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\copytitle03.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\copytitle04.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\eeqnencq.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\ekbhrxtb.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\enlxsenb.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\erllttnn.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\faq.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\frame.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\jhnqstvw.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\jqwklxks.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\kkchekkl.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\klvteeth.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\ltslqjnk.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\main.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\nrntrzcj.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process01.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process02.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process02b.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process02c.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process03.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process03b.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process03c.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process04.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process04b.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\process04c.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\rsbsjlzb.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\ssrtkkth.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\szjtbhzk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\tnenbkhk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\tnqsrtez.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\toc.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\vckerreb.exe
Virus:W32/Rahack.gen
ChemicalRomance is offline  
Old 05-15-2007, 12:53 PM   #10 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\vhslthwr.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\vlblhktl.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\wbvrnrjk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\wjvlrhbj.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\xecxlskj.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\Elaborate Bytes\CloneDVD\manual\ja\xltwnbkx.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\MediaMonkey\Plugins\DeFXInfo.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\MediaMonkey\Plugins\kcqklwsr.exe
Adware:Adware/SaveNow Not disinfected C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\chrome\whenu_ff.jar[content/overlay.js]
Adware:Adware/SaveNow Not disinfected C:\Program Files\Mozilla Firefox\extensions\{BEE3E87E-E1C6-4bfe-BE9D-48E84271AB34}\components\whenu_ff.dll
Virus:HTML/Instancob.A Disinfected C:\Program Files\Mozilla Firefox\res\hiddenWindow.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\Mozilla Firefox\res\jkkbjqer.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\MSN\MSNCoreFiles\msnread.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\MSN\MSNCoreFiles\tlbhnrlv.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\NetMeeting\netmeet.htm
Virus:W32/Rahack.gen Disinfected C:\Program Files\NetMeeting\rsewzjqn.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\cz\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\cz\rtzqnbtn.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\da\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\da\xswbnbke.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\de\hnhzjbrk.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\de\index.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\en\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\en\wcbnnrjh.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\es\cxhrrjhb.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\es\index.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\fi\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\fi\rkkklxhw.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\fr\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\fr\tlesnjsk.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\hu\ewjevzsj.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\hu\index.html
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\it\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\it\rtnwtjer.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\ja\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\ja\njlkwtjz.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\nl\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\nl\jtctbsll.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\pt\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\pt\rezqbsrs.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\ru\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\ru\zwxllskz.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\SlySoft\AnyDVD\manual\se\index.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\SlySoft\AnyDVD\manual\se\zlsekbjb.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\VideoLAN\VLC\http\admin\browse.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\VideoLAN\VLC\http\admin\nshtjslt.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\VideoLAN\VLC\http\info.html
Virus:W32/Rahack.gen Disinfected C:\Program Files\VideoLAN\VLC\http\tcbjqrbn.exe
Virus:W32/Rahack.gen Disinfected C:\Program Files\WinRAR\hlnebjxh.exe
Virus:HTML/Instancob.A Disinfected C:\Program Files\WinRAR\Order.htm
Adware:Adware/PurityScan Not disinfected C:\QooBox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\w?wexec.exe
Adware:Adware/Yazzle Not disinfected C:\QooBox\Quarantine\C\Program Files\Common Files\Yazzle1122OinUninstaller.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.dll.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\ipwins.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\Program Files\Ipwindows\UnInstall.exe.vir
Adware:Adware/Maxifiles Not disinfected C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir
Adware:Adware/DeluxeComunications Not disinfected C:\QooBox\Quarantine\C\WINDOWS\retadpu41.exe.vir
Adware:Adware/Borlander Not disinfected C:\QooBox\Quarantine\C\WINDOWS\updater.exe.vir
Adware:Adware/Yazzle Not disinfected C:\WINDOWS\b116.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\bzehxvnz.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\ciadmin.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\ciquery.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\hwexrtne.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\ixqlang.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\jbnshhqj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\jjlenkbt.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\migwiz.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\migwiz2.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\best_fr.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\best_road.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\best_robust.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\best_secure.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\blkkzrtt.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\connected_data.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\connected_fr.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\connected_multiple.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\connected_networks.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\connected_wizard.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\cxjclkkc.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\default.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\ekwlsjzj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\ewrlklcs.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\footer.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\hjhecvkh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\klbvejnk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\knwbcncs.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\kxkzvszq.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\kzerbzks.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\kzkzkjkb.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\lbsbbjlx.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\lhhjrkjk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\lrhwxcwk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\lwnssrtv.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\njnrhctz.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\nleqhveh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\qejnhetj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\rbnesqvr.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\rqkjqjqb.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\rzjnrbeb.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\safe_better.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\safe_easier.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\safe_faster.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\safe_fr.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\skersqzb.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_control.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_ending.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_files.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_fr.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_icons.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_menu.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_taskbar.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\start_windows.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\tjxhsker.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\trsecbvb.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\unlock_built.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\unlock_fr.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\unlock_optimized.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\htmlTour\unlock_playing.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\wwvjntek.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\xslbknlk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\zbcwlstj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\htmlTour\ztssweeh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\lllknblj.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Audio\snd.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\contents.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\Tours\WindowsMediaPlayer\Cnt\tjnbzhbh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\Help\tsbjbtvn.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\AboutCompat.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\chlrtebt.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatMode.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\CompatOffline.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\csclcbtn.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\kshsbten.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\LearnCompat.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\CompatCtr\ttnejjkl.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lthtlnwk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\lzkknrkt.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\privacy.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\rllhnlsq.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\uplddrvinfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DFS\xmldialog.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\dvdupgrd.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\DVDUpgrd\jkenjtvv.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\ErrorMessagesOffline.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\ErrMsg\xjlnrbel.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\errors\brlkcjst.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\errors\connection.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\dglogshelp.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tekstkzw.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\NetDiag\tlwqjnbh.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\panels\blank.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\panels\ekjekxll.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\panels\kqxqncte.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\rc\khhtevqk.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\rc\rcRequest.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\bxtxjsbv.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\ConnIssue.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\krbbjtbw.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\LearnInternet.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\RCMoreInfo.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\rjewkstw.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Common\wccnwsnz.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\helpeeaccept.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\DividerBar.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jrwbtbsl.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\jthchjjx.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\lscrknnq.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\nkbshxqh.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAChatClient.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAClient.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\RAStatusBar.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\rcscreen6_head.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\setting.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wnjeletk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Client\wxklxbbh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ctrbnkts.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\ErrorMsgs.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\RCFileXfer.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\rrjhbcnh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\vlewejke.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Common\VOIPMsgs.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar1.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\DividerBar2.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\ehvhlqhw.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\jkvvjhhx.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\llehtbzr.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\RAChatServer.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\sbsbzljh.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\SettingServer.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\TakeControlMsgs.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\Interaction\Server\wqqnvzet.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\RAStartPage.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\rcBuddy.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\srljkjhs.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\Remote Assistance\tehxeecc.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bbekwlrs.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\bttlteqt.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\jlcehbkq.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\kqwlwbxw.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\msinfo.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\qkjneslh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\rbjsrhhj.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysComponentInfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysEvtLogInfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysHealthInfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysinfosum.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysRemoteInfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysServicesInfo.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\sysSoftwareInfo.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\wrsnrelv.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\sysinfo\zkjckqle.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\AboutWU.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\blbelbbj.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\cnvjlbvb.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\Learn.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\LearnInternet.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\learnWU.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\updatecenter.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\xttblnnn.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zcbjntbt.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\System\UpdateCtr\zccewkkb.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Connection.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hnvcxhls.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\hshlnlhk.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineDC.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\OfflineOptions.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\ConnIssue.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\LearnInternet.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\RCMoreInfo.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Common\stlvetct.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\confirm.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcConnection.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen1.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen2.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\rcscreen3.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Common\stlvetct.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcDetails.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcInviteStatus.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen4.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen5.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen6_head.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen7.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen8.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\rcscreen9.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\Escalation\Email\stlvetct.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\rcstatus.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\Remote Assistance\stlvetct.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Microsoft Corporation,L=Redmond,S=Washington,C=US\ssenjzlj.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\activ.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\activsvc.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\actlan.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\actshell.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\adeskerr.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\autoupdt.htm
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\au_plcy.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\bhbksntr.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\blwsjwbw.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\brwvhkse.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\bsnztkeh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\chnknrve.exe
Virus:HTML/Instancob.A Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\dtsgnup.htm
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\etvbwhhk.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\exsenscs.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\ezcbltsz.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\hhclsveh.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\hjjerrre.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\hltshlxe.exe
Virus:W32/Rahack.gen Disinfected C:\WINDOWS\SoftwareDistribution\Download\16b2c96a0c41f4dfdb4d3cc228a4f819\hrkvecrk.exe
Virus:W32/Rahack.gen
ChemicalRomance is offline  
Old 05-15-2007, 12:54 PM   #11 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Old 05-15-2007, 12:55 PM   #12 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)


Logfile of HijackThis v1.99.1
Scan saved at 4:09:20 AM, on 5/16/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\urdvxc.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)
Old 05-15-2007, 09:29 PM   #13 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Re: HijackThis log (Please check ASAP)

In order to proceed, I need to know if you are networked to another computer(s). As you can see by the Panda results, this system is seriously infected by a worm that spreads through mapped drives. Also, an entry previously deleted by SDFix has returned, which also indicates that you are networked or have file sharing enabled.

I'd also appreciate a detailed description of the issues you're experiencing.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 05-16-2007, 10:29 AM   #14 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

The only networking I've been doing is through downloads. And the latest problems I've had have been these:
- Unable to play any audio because the computer says that my sound drivers are bad (this problem went away after I restarted the computer)
- Unable to get the option of connecting to the internet, while the computer is telling me that I'm already connected to the internet, even though I'm not (this problem went away after I restarted the computer)
Old 05-16-2007, 10:40 AM   #15 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Re: HijackThis log (Please check ASAP)

I'll need to see what else may have returned, or gotten onto your system in the last day or so.

Download Deckard's System Scanner (DSS) to your Desktop.

What DSS will do:
  • create a new System Restore point in Windows XP and Vista.
  • clean your Temporary Files, Downloaded Program Files, and Internet Cache Files, and also empty the Recycle Bin on all drives.
  • check some important areas of your system and produce a report for your analyst to review.
  • DSS automatically runs HijackThis 1.99.1 for you, but it will also install and place a shortcut to HijackThis on your desktop if you do not already have HijackThis installed. **Allow dss.exe to download HijackThis 1.99.1 when prompted**


Note: You must be logged onto an account with administrator privileges.
  1. Close all applications and windows.
  2. Double-click on dss.exe to run it, and follow the prompts.
  3. When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
  4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
  5. Please attach extra.txt to your post.
To attach a file to a new post, simply
  1. Click the [Manage Attachments] button under Additional Options > Attach Files on the post composition page, and
  2. copy and paste the following into the "Upload File from your Computer" box:
    C:\Deckard\System Scanner\extra.txt
  3. Click Upload.

Please include the following in your next reply:

main.txt
an attached extra.txt
Old 05-17-2007, 03:27 AM   #16 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Deckard's System Scanner v20070426.43
Run by Johnny on 2007-05-17 at 18:44:18
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
130: 2007-05-18 01:44:20 UTC - RP130 - Deckard's System Scanner Restore Point
129: 2007-05-17 02:28:29 UTC - RP129 - System Checkpoint
128: 2007-05-16 02:28:03 UTC - RP128 - System Checkpoint
127: 2007-05-14 21:56:32 UTC - RP127 - System Checkpoint
126: 2007-05-13 21:43:49 UTC - RP126 - System Checkpoint


-- First Restore Point --
1: 2007-03-20 09:31:14 UTC - RP1 - System Checkpoint


Backed up registry hives.

Performed disk cleanup.


-- HijackThis (run as Johnny.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 6:44:47 PM, on 5/17/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Johnny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Network Windows Service (MSWindows) - Unknown owner - C:\WINDOWS\System32\urdvxc.exe" /service (file missing)


-- File Associations -----------------------------------------------------------

.cpl - cplfile - shell\runas\command - rundll32.exe shell32.dll,Control_RunDLLAsUser %1,%*


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R0 giveio - c:\windows\system32\giveio.sys
R0 speedfan - c:\windows\system32\speedfan.sys <Not Verified; Windows (R) 2000 DDK provider; Windows (R) 2000 DDK driver>
R1 fwdrv (Firewall Driver) - c:\windows\system32\drivers\fwdrv.sys
R2 ElbyCDIO (ElbyCDIO Driver) - c:\windows\system32\drivers\elbycdio.sys <Not Verified; Elaborate Bytes AG; CDRTools>
R2 LF30FS - c:\program files\everstrike software\lock folder xp 3.6\lf30xp.sys
R2 SocketLock (Raw Socket Lock Driver) - c:\windows\system32\socketlock.sys
R3 AnyDVD - c:\windows\system32\drivers\anydvd.sys <Not Verified; SlySoft, Inc.; AnyDVD>
R3 cwcspud (Crystal SoundFusion(tm) Driver) - c:\windows\system32\drivers\cwcspud.sys <Not Verified; Hercules (R); Hercules (R) WDM PCI Driver>
R3 cwcwdm (Crystal SoundFusion(tm) WDM Driver) - c:\windows\system32\drivers\cwcwdm.sys <Not Verified; Hercules (R); Hercules (R) WDM PCI Driver>
R3 ElbyDelay - c:\windows\system32\drivers\elbydelay.sys <Not Verified; Elaborate Bytes; CDRTools>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

S2 MSWindows (Network Windows Service) - "c:\windows\system32\urdvxc.exe" /service (file missing)
S3 AresChatServer (Ares Chatroom server) - c:\program files\ares\chatserver.exe <Not Verified; Ares Development Group; Ares Chat Server>


-- Files created between 2007-04-17 and 2007-05-17 -----------------------------

2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH
2007-05-01 05:18:02 0 d-------- C:\WORD
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 19:37:48 0 d-------- C:\Program Files\Webteh
2007-04-29 15:37:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-04-29 15:37:48 0 d-------- C:\Program Files\CyberLink
2007-04-20 11:27:02 0 d-------- C:\Program Files\Common Files\?dobe
2007-04-20 03:43:59 0 d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software


-- Find3M Report ---------------------------------------------------------------

2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 03:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-22 14:52:28 0 d-------- C:\Program Files\SpeedFan
2007-04-20 03:42:30 0 d-------- C:\Program Files\SpywareBlaster
2007-04-16 1229 0 d-------- C:\Program Files\Messenger
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-04 00:59:58 0 d-------- C:\Program Files\Real Alternative
2007-04-04 00:59:55 0 d-------- C:\Program Files\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-04-01 00:34:30 0 d-------- C:\Program Files\Foxit Software
2007-03-31 03:41:34 0 d-------- C:\Program Files\Ares
2007-03-29 16:44:44 0 d-------- C:\Program Files\SlySoft
2007-03-29 16:28:56 0 d-------- C:\Program Files\Alcohol Soft
2007-03-29 16:28:01 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-29 16:26:21 0 d-------- C:\Program Files\DVD Shrink
2007-03-23 18:42:51 0 d-------- C:\Program Files\NavExcel Search Toolbar
2007-03-23 02:40:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-22 01:09:38 0 d-------- C:\Program Files\XviD
2007-03-22 00:43:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\vlc
2007-03-21 17:56:06 0 d-------- C:\Program Files\DivX
2007-03-21 17:51:37 0 d-------- C:\Program Files\RegistryFix
2007-03-21 17:00:00 0 d-------- C:\Program Files\Kerio
2007-03-21 16:59:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-21 05:12:09 0 d-------- C:\Program Files\MediaMonkey
2007-03-21 04:49:22 0 d-------- C:\Program Files\VideoLAN
2007-03-21 04:40:35 0 d-------- C:\Program Files\Hercules
2007-03-21 04:20:59 0 d-------- C:\Program Files\PestPatrol
2007-03-21 04:20:30 0 d-------- C:\Program Files\VERITAS Software
2007-03-21 04:00:13 0 d-------- C:\Program Files\Ahead
2007-03-21 04:00:12 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-21 02:01:42 0 d-------- C:\Program Files\Anti Trojan Elite
2007-03-21 02:01:21 0 d-------- C:\Program Files\RegistryCleanerXP
2007-03-21 02:01:18 0 d-------- C:\Program Files\Network Associates
2007-03-20 20:39:14 0 d-------- C:\Program Files\MSN Messenger
2007-03-20 19:44:41 0 d-------- C:\Documents and Settings\Johnny\Application Data\RegUpdate
2007-03-20 18:58:53 0 d-------- C:\Documents and Settings\Johnny\Application Data\Macromedia
2007-03-20 02:57:50 0 d-------- C:\Documents and Settings\Johnny\Application Data\.BitTornado
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:40 0 d-------- C:\Documents and Settings\Johnny\Application Data\Mozilla
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:55:59 0 d-------- C:\Program Files\BitTornado
2007-03-20 02:31:02 0 d-------- C:\Documents and Settings\Johnny\Application Data\Identities
2007-03-20 02:24:51 0 d-------- C:\Program Files\microsoft frontpage
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:23:09 0 d-------- C:\Program Files\Online Services
2007-03-20 02:22:35 0 d-------- C:\Program Files\Movie Maker
2007-03-20 02:21:57 0 d-------- C:\Program Files\Common Files\MSSoap
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-20 02:20:20 0 d-------- C:\Program Files\MSN Gaming Zone
2007-03-20 02:20:17 0 d-------- C:\Program Files\Windows NT
2007-03-19 18:11:07 0 d-------- C:\Program Files\Common Files\ODBC
2007-03-19 18:11:03 0 d-------- C:\Program Files\Common Files\SpeechEngines
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{D80C4E21-C346-4E21-8E64-20746AA20AEB} C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"
"LFAgent"=""
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa
Authentication Packages REG_MULTI_SZ msv1_0\0\0
Security Packages REG_MULTI_SZ kerberos\0msv1_0\0schannel\0wdigest\0\0
Notification Packages REG_MULTI_SZ scecli\0\0


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0



-- End of Deckard's System Scanner: finished at 2007-05-17 at 18:45:08 ---------
Attached Files
File Type: txt extra.txt (5.6 KB, 4 views)
ChemicalRomance is offline  
Old 05-17-2007, 07:56 AM   #17 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,576
OS: WinXP and Vista


Re: HijackThis log (Please check ASAP)

Ok, let's go after this once again.

ComboFix has been updated since you last downloaded it. Please delete your current ComboFix.exe and download it again:

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close any open browsers.

--------------------------------------------------------------------


Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs)

NavExcel Search Toolbar
Outerinfo <-- if this entry will not uninstall, please continue to the next step and let me know in your next reply.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts. When finished, it shall produce a log for you which I will need in your next reply.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


--------------------------------------------------------------------

Please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Use the up arrow key to highlight Safe Mode and press Enter.
5) Login with your usual account. Make sure to close any open browsers.

--------------------------------------------------------------------

Open HijackThis and click on 'Do a System Scan Only'. 'Check' the following entry:

O3 - Toolbar: NavExcel Toolbar - {5AA06644-BC46-4220-A460-47A6EB47C96D} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
Click 'Fix Checked' and close HijackThis.

--------------------------------------------------------------------

Please ensure Hidden files and folders are still viewable:

Go to My Computer->Tools->Folder Options->View tab:
* Under the Hidden files and folders heading:
* select Show hidden files and folders.
* Uncheck Hide protected operating system files (recommended) option.
* Also, make sure there is no checkmark beside Hide file extensions for known file types.
* Click OK.

--------------------------------------------------------------------

Using 'My Computer', navigate to and delete the following File and Folder

C:\Program Files\NavExcel Search Toolbar
D:\Lock_Folder_XP_3.6.zip.exe


--------------------------------------------------------------------

Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts, the Fixtool will run again and complete the removal process, then display Finished. Press any key to end the script and load your desktop icons.
  • Once the desktop icons load, the SDFix report will open on screen and also be saved into the SDFix folder as Report.txt. I'll need that in your next reply.
--------------------------------------------------------------------

Run another online scan at Panda and save the results.

--------------------------------------------------------------------

Run a new scan with dss.exe

--------------------------------------------------------------------

Please include the following in your next reply:

C:\ComboFix.txt
C:\SDFix\Report.txt
main.txt
Update on system behavior
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 05-21-2007, 01:47 AM   #18 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

I've had the internet connection problem a few times since my last post, but that's it.



"Johnny" - 2007-05-18 15:36:34 Service Pack 1
ComboFix 07-05.17.10.V - Running from: "C:\Documents and Settings\Johnny\Desktop\"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Folders Quarantined:
C:\qoobox\purity\C\DOCUME~1
C:\qoobox\purity\C\DOCUME~1\Johnny
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1
C:\qoobox\purity\C\DOCUME~1\Johnny\MYDOCU~1\WNSXS~1\w?wexec.exe


((((((((((((((((((((((((((((((( Files Created from 2007-04-05 to 2007-05-18 ))))))))))))))))))))))))))))))))))


2007-05-17 18:42 <DIR> d-------- C:\Deckard
2007-05-15 00:08 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-05-13 16:23 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-05-13 03:04 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\GRETECH
2007-05-13 03:04 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\GRETECH
2007-05-13 03:03 <DIR> d-------- C:\Program Files\GRETECH
2007-05-12 17:45 49,152 --a------ C:\WINDOWS\nircmd.exe
2007-05-01 05:18 <DIR> d-------- C:\WORD
2007-05-01 03:16 <DIR> d-------- C:\Program Files\GPSoftware
2007-04-29 19:37 <DIR> d-------- C:\Program Files\Webteh
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer Pro
2007-04-29 19:37 <DIR> d-------- C:\DOCUME~1\Johnny\APPLIC~1\BSplayer
2007-04-29 15:37 <DIR> d-------- C:\Program Files\CyberLink
2007-04-29 15:37 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\CyberLink
2007-04-20 11:27 <DIR> d-------- C:\Program Files\Common Files\àdobe
2007-04-20 03:43 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-05-13 02:41:13 -------- d-----w C:\Program Files\Winamp
2007-05-01 10:16:50 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-04-28 20:46:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\uTorrent
2007-04-25 23:22:15 -------- d-----w C:\Program Files\Common Files\?dobe
2007-04-22 21:52:28 -------- d-----w C:\Program Files\SpeedFan
2007-04-20 10:42:30 -------- d-----w C:\Program Files\SpywareBlaster
2007-04-17 17:20:49 -------- d-----w C:\Program Files\Alwil Software
2007-04-16 1929 -------- d-----w C:\Program Files\Messenger
2007-04-15 03:07:54 -------- d-----w C:\Program Files\Everstrike Software
2007-04-15 03:07:54 -------- d-----w C:\Program Files\Common Files\Everstrike Software
2007-04-13 22:42:29 -------- d-----w C:\Program Files\WinAVIVideoConverter
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Real
2007-04-04 08:00:07 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\Media Player Classic
2007-04-04 07:59:58 -------- d-----w C:\Program Files\Real Alternative
2007-04-04 07:59:55 -------- d-----w C:\Program Files\Media Player Classic
2007-04-01 08:07:35 3,712 ----a-w C:\WINDOWS\system32\socketlock.sys
2007-04-01 07:34:30 -------- d-----w C:\Program Files\Foxit Software
2007-03-31 10:41:34 -------- d-----w C:\Program Files\Ares
2007-03-29 23:44:44 -------- d-----w C:\Program Files\SlySoft
2007-03-29 23:28:56 -------- d-----w C:\Program Files\Alcohol Soft
2007-03-29 23:28:01 -------- d-----w C:\Program Files\Elaborate Bytes
2007-03-29 23:26:21 -------- d-----w C:\Program Files\DVD Shrink
2007-03-24 01:42:51 -------- d-----w C:\Program Files\NavExcel Search Toolbar
2007-03-23 09:40:12 -------- d--h--w C:\Program Files\WindowsUpdate
2007-03-22 08:09:38 -------- d-----w C:\Program Files\XviD
2007-03-22 07:43:30 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\vlc
2007-03-22 00:56:06 -------- d-----w C:\Program Files\DivX
2007-03-22 00:51:37 -------- d-----w C:\Program Files\RegistryFix
2007-03-22 00:00:00 -------- d-----w C:\Program Files\Kerio
2007-03-21 23:59:48 -------- d-----w C:\Program Files\Common Files\InstallShield
2007-03-21 12:12:09 -------- d-----w C:\Program Files\MediaMonkey
2007-03-21 11:49:22 -------- d-----w C:\Program Files\VideoLAN
2007-03-21 11:40:35 -------- d-----w C:\Program Files\Hercules
2007-03-21 11:20:59 -------- d-----w C:\Program Files\PestPatrol
2007-03-21 11:20:30 -------- d-----w C:\Program Files\VERITAS Software
2007-03-21 11:00:13 -------- d-----w C:\Program Files\Ahead
2007-03-21 11:00:12 -------- d-----w C:\Program Files\Common Files\Ahead
2007-03-21 09:01:42 -------- d-----w C:\Program Files\Anti Trojan Elite
2007-03-21 09:01:21 -------- d-----w C:\Program Files\RegistryCleanerXP
2007-03-21 09:01:18 -------- d-----w C:\Program Files\Network Associates
2007-03-21 03:39:14 -------- d-----w C:\Program Files\MSN Messenger
2007-03-21 02:44:41 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\RegUpdate
2007-03-20 09:57:50 -------- d-----w C:\DOCUME~1\Johnny\APPLIC~1\.BitTornado
2007-03-20 09:56:41 0 ----a-w C:\WINDOWS\nsreg.dat
2007-03-20 09:56:35 2,301 ----a-w C:\WINDOWS\mozver.dat
2007-03-20 09:55:59 -------- d-----w C:\Program Files\BitTornado
2007-03-20 09:24:51 -------- d-----w C:\Program Files\microsoft frontpage
2007-03-20 09:24:29 0 --sha-r C:\MSDOS.SYS
2007-03-20 09:24:29 0 --sha-r C:\IO.SYS
2007-03-20 09:24:29 0 ----a-w C:\CONFIG.SYS
2007-03-20 09:24:29 0 ----a-w C:\AUTOEXEC.BAT
2007-03-20 09:23:09 -------- d-----w C:\Program Files\Online Services
2007-03-20 09:22:35 -------- d-----w C:\Program Files\Movie Maker
2007-03-20 09:21:57 -------- d-----w C:\Program Files\Common Files\MSSoap
2007-03-20 09:20:56 21,640 ----a-w C:\WINDOWS\system32\emptyregdb.dat
2007-03-20 09:20:20 -------- d-----w C:\Program Files\MSN Gaming Zone
2007-03-20 09:20:17 -------- d-----w C:\Program Files\Windows NT
2007-03-20 01:11:07 -------- d-----w C:\Program Files\Common Files\ODBC
2007-03-20 01:11:03 -------- d-----w C:\Program Files\Common Files\SpeechEngines


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{D80C4E21-C346-4E21-8E64-20746AA20AEB}=C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RegistryUpdate"="" []
"Anti Trojan Elite"="C:\Program Files\Anti Trojan Elite\TJEnder.exe" []
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50]
"SoundFusion"="hercplgs.cpl" [2001-10-04 16:05 C:\WINDOWS\system32\hercplgs.cpl]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-02-13 11:29]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" [2004-08-20 06:19]
"LFAgent"="" []
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2006-10-07 05:20]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-11-15 16:18]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll" [2006-09-28 07:13]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages msv1_0
Security Packages kerberos msv1_0 schannel wdigest
Notification Packages scecli

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService Alerter WebClient LmHosts RemoteRegistry upnphost SSDPSRV
NetworkService DnsCache
rpcss RpcSs
imgsvc StiSvc
termsvcs TermService

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost *netsvcs*


********************************************************************

catchme 0.3.660 W2K/XP/Vista - userland rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-05-18 15:37:10
Windows 5.1.2600 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0


********************************************************************

Completion time: 2007-05-18 15:37:27
C:\ComboFix-quarantined-files.txt ... 2007-05-18 15:37
C:\ComboFix2.txt ... 2007-05-12 17:45


--- E O F ---
ChemicalRomance is offline  
Old 05-21-2007, 01:49 AM   #19 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

SDFix: Version 1.83

Run by Johnny - Fri 05/18/2007 - 15:53:57.04

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\DOCUME~1\Johnny\Desktop\SDFix

Safe Mode:
Checking Services:






Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:


Finished
ChemicalRomance is offline  
Old 05-21-2007, 01:51 AM   #20 (permalink)
Registered User
 
Join Date: May 2007
Posts: 33
OS: XP


Re: HijackThis log (Please check ASAP)

Deckard's System Scanner v20070426.43
Run by Johnny on 2007-05-21 at 17:07:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as Johnny.exe) ----------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 5:07:51 PM, on 5/21/2007
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Johnny\Desktop\dss.exe
C:\PROGRA~1\HIJACK~1\Johnny.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Helper Class - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Anti Trojan Elite] C:\Program Files\Anti Trojan Elite\TJEnder.exe :NO
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundFusion] RunDll32 hercplgs.cpl,BootEntryPoint
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1174468873093
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AEB9E14-2AE8-4374-B48E-4BD936FAAFFE}: NameServer = 203.194.27.57 203.194.56.150
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe


-- Files created between 2007-04-21 and 2007-05-21 -----------------------------

2007-05-15 00:08:47 0 d-------- C:\WINDOWS\System32\ActiveScan
2007-05-13 03:04:36 0 d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
2007-05-13 03:04:05 0 d-------- C:\Documents and Settings\Johnny\Application Data\GRETECH
2007-05-13 03:03:38 0 d-------- C:\Program Files\GRETECH
2007-05-01 05:18:02 0 d-------- C:\WORD
2007-05-01 03:16:48 0 d-------- C:\Program Files\GPSoftware
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer
2007-04-29 19:37:49 0 d-------- C:\Documents and Settings\Johnny\Application Data\BSplayer Pro
2007-04-29 19:37:48 0 d-------- C:\Program Files\Webteh
2007-04-29 15:37:50 0 d-------- C:\Documents and Settings\All Users\Application Data\CyberLink
2007-04-29 15:37:48 0 d-------- C:\Program Files\CyberLink


-- Find3M Report ---------------------------------------------------------------

2007-05-21 16:51:13 0 d-------- C:\Program Files\MSN Messenger
2007-05-21 16:50:12 0 d-------- C:\Program Files\BitTornado
2007-05-12 19:41:13 0 d-------- C:\Program Files\Winamp
2007-05-01 03:16:50 0 d--h----- C:\Program Files\InstallShield Installation Information
2007-04-28 13:46:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\uTorrent
2007-04-25 16:22:15 0 d-------- C:\Program Files\Common Files\?dobe
2007-04-22 14:52:28 0 d-------- C:\Program Files\SpeedFan
2007-04-20 03:42:30 0 d-------- C:\Program Files\SpywareBlaster
2007-04-17 10:20:49 0 d-------- C:\Program Files\Alwil Software
2007-04-16 1229 0 d-------- C:\Program Files\Messenger
2007-04-14 20:07:54 0 d-------- C:\Program Files\Everstrike Software
2007-04-14 20:07:54 0 d-------- C:\Program Files\Common Files\Everstrike Software
2007-04-13 15:42:29 0 d-------- C:\Program Files\WinAVIVideoConverter
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Real
2007-04-04 01:00:07 0 d-------- C:\Documents and Settings\Johnny\Application Data\Media Player Classic
2007-04-04 00:59:58 0 d-------- C:\Program Files\Real Alternative
2007-04-04 00:59:55 0 d-------- C:\Program Files\Media Player Classic
2007-04-01 01:07:35 3712 --a------ C:\WINDOWS\System32\socketlock.sys
2007-04-01 00:34:30 0 d-------- C:\Program Files\Foxit Software
2007-03-31 03:41:34 0 d-------- C:\Program Files\Ares
2007-03-29 16:44:44 0 d-------- C:\Program Files\SlySoft
2007-03-29 16:28:56 0 d-------- C:\Program Files\Alcohol Soft
2007-03-29 16:28:01 0 d-------- C:\Program Files\Elaborate Bytes
2007-03-29 16:26:21 0 d-------- C:\Program Files\DVD Shrink
2007-03-23 02:40:12 0 d--h----- C:\Program Files\WindowsUpdate
2007-03-22 01:09:38 0 d-------- C:\Program Files\XviD
2007-03-22 00:43:30 0 d-------- C:\Documents and Settings\Johnny\Application Data\vlc
2007-03-21 17:56:06 0 d-------- C:\Program Files\DivX
2007-03-21 17:51:37 0 d-------- C:\Program Files\RegistryFix
2007-03-21 17:00:00 0 d-------- C:\Program Files\Kerio
2007-03-21 16:59:48 0 d-------- C:\Program Files\Common Files\InstallShield
2007-03-21 05:12:09 0 d-------- C:\Program Files\MediaMonkey
2007-03-21 04:49:22 0 d-------- C:\Program Files\VideoLAN
2007-03-21 04:40:35 0 d-------- C:\Program Files\Hercules
2007-03-21 04:20:59 0 d-------- C:\Program Files\PestPatrol
2007-03-21 04:20:30 0 d-------- C:\Program Files\VERITAS Software
2007-03-21 04:00:13 0 d-------- C:\Program Files\Ahead
2007-03-21 04:00:12 0 d-------- C:\Program Files\Common Files\Ahead
2007-03-21 02:01:42 0 d-------- C:\Program Files\Anti Trojan Elite
2007-03-21 02:01:21 0 d-------- C:\Program Files\RegistryCleanerXP
2007-03-21 02:01:18 0 d-------- C:\Program Files\Network Associates
2007-03-20 02:56:41 0 --a------ C:\WINDOWS\nsreg.dat
2007-03-20 02:56:35 2301 --a------ C:\WINDOWS\mozver.dat
2007-03-20 02:24:29 0 -rahs---- C:\MSDOS.SYS
2007-03-20 02:24:29 0 -rahs---- C:\IO.SYS
2007-03-20 02:24:29 0 --a------ C:\CONFIG.SYS
2007-03-20 02:24:29 0 --a------ C:\AUTOEXEC.BAT
2007-03-20 02:20:56 21640 --a------ C:\WINDOWS\System32\emptyregdb.dat
2007-03-19 18:10:29 62 --ahs---- C:\Documents and Settings\Johnny\Application Data\desktop.ini


-- Registry Dump ---------------------------------------------------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
{D80C4E21-C346-4E21-8E64-20746AA20AEB} C:\Program Files\NavExcel Search Toolbar\NavExcelBar.dll [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"RegistryUpdate"=""
"Anti Trojan Elite"="C:\\Program Files\\Anti Trojan Elite\\TJEnder.exe :NO"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"SoundFusion"="RunDll32 hercplgs.cpl,BootEntryPoint"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"
"AnyDVD"="C:\\Program Files\\SlySoft\\AnyDVD\\AnyDVD.exe"