Old 02-09-2006, 09:33 AM   #1 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


NETSH.exe Virus?

I'm running XP Home with SP1, and all of a sudden, every time I log in, a DOS window appears with the extension saying windows/system32/netsh.exe. On top of that, my Task Manager is disabled by the administrator, which I am, and I didn't do it, and AOL also starts up every time too. I know this is a virus, but when I run Norton Internet Security 2005 it doesn't pick up crap. What can I do to fix this problem?
ICEMAN2303 is offline  
Old 02-09-2006, 10:13 AM   #2 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Hi and Welcome to TSF!

We'll require a HijackThis log from you.

But before you post your log, please read through the sticky first.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 10:18 AM   #3 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


Sorry here is my HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 11:14:26 AM, on 2/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\cmd32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\America Online 8.0\aolwbspd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Video Process] sysconf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139249389781
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ICEMAN2303 is offline  
Old 02-09-2006, 10:27 AM   #4 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Download Blacklight Beta from this website:
http://www.f-secure.com/blacklight/try.shtml
Save it to your desktop and double click on the file.

Have it scan your computer, but do not try to fix or delete anything identified by the tool; it may list legitimate programs.

If the scan does find anything then copy and paste the log back to this thread. The log should be on your desktop or root directory (C:\). This is the format for the log file name:
fsbl-<date-and-time>.log

If you have any trouble finding it do a search for fsbl*.log.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 11:45 AM   #5 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


It found 5 hidden items. What do I do now?
ICEMAN2303 is offline  
Old 02-09-2006, 11:46 AM   #6 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


02/09/06 12:40:27 [Info]: BlackLight Engine 1.0.30 initialized
02/09/06 12:40:27 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/09/06 12:40:28 [Note]: 7019 4
02/09/06 12:40:28 [Note]: 7005 0
02/09/06 12:40:32 [Note]: 7006 0
02/09/06 12:40:32 [Note]: 7011 684
02/09/06 12:40:33 [Note]: FSRAW library version 1.7.1014
02/09/06 12:44:01 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\WBEM\WBEMTEST.EXE
02/09/06 12:44:01 [Note]: 10002 1
02/09/06 12:44:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\csvgn.exe
02/09/06 12:44:08 [Note]: 7002 32
02/09/06 12:44:08 [Note]: 7003 1
02/09/06 12:44:08 [Note]: 10002 1
02/09/06 12:44:12 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\dmypn.exe
02/09/06 12:44:12 [Note]: 7002 32
02/09/06 12:44:12 [Note]: 7003 1
02/09/06 12:44:12 [Note]: 10002 1
02/09/06 12:44:31 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\howiper.exe
02/09/06 12:44:31 [Note]: 10002 1
02/09/06 12:44:33 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\jbksc.exe
02/09/06 12:44:33 [Note]: 7002 32
02/09/06 12:44:33 [Note]: 7003 1
02/09/06 12:44:33 [Note]: 10002 1
ICEMAN2303 is offline  
Old 02-09-2006, 11:56 AM   #7 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Do another Blacklight scan.
For hidden entries found, choose for Blacklight to rename all of them except this one:

C:\WINDOWS\SYSTEM32\WBEM\WBEMTEST.EXE


The tool will ask if you want to reboot (restart); choose yes.
After you have rebooted, post back with a fresh HijackThis log.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 12:23 PM   #8 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


As a matter of curiosity, how long did it take for Blacklight to scan your computer?
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 02:30 PM   #9 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


Maybe 3 minutes, if that.
ICEMAN2303 is offline  
Old 02-09-2006, 02:34 PM   #10 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Have you done the 2nd BlackLight scan yet?

Hurry up. We still have quite a bit of work to do.
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 02:46 PM   #11 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


02/09/06 15:40:07 [Info]: BlackLight Engine 1.0.30 initialized
02/09/06 15:40:07 [Info]: OS: 5.1 build 2600 (Service Pack 1)
02/09/06 15:40:07 [Note]: 7019 4
02/09/06 15:40:07 [Note]: 7005 0
02/09/06 15:40:12 [Note]: 7006 0
02/09/06 15:40:12 [Note]: 7011 2436
02/09/06 15:40:13 [Note]: FSRAW library version 1.7.1014
ICEMAN2303 is offline  
Old 02-09-2006, 02:48 PM   #12 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Fresh HJT log please
__________________

Question - what have you done for the community today?
sUBs is offline  
Old 02-09-2006, 02:49 PM   #13 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 3:49:22 PM, on 2/9/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\cmd32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\America Online 8.0\waol.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\taskmgr.exe
C:\Program Files\America Online 8.0\aolwbspd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\dtmkr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\dtmkr.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Video Process] sysconf.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [jbksc.exe] C:\WINDOWS\System32\jbksc.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139249389781
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{F503626B-782E-4546-85D3-A5F2D2EE3145}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
ICEMAN2303 is offline  
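
An added example, not part of the thread and not code from HijackThis or BlackLight: a Python script that parses trimmed copies of the two HijackThis logs and the first BlackLight log posted above, lists the entries that differ between the two scans, and checks which BlackLight-hidden files have an O4 startup entry in each scan. The function and variable names are this example's own.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Trimmed copies of log lines posted in this thread (not the full logs).
HJT_FIRST = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINDOWS\System32\hgqhp.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
"""
HJT_SECOND = r"""
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\dtmkr.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [jbksc.exe] C:\WINDOWS\System32\jbksc.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
O17 - HKLM\System\CCS\Services\Tcpip\..\{F503626B-782E-4546-85D3-A5F2D2EE3145}: NameServer = 205.188.146.145
"""
BLACKLIGHT_FIRST = r"""
02/09/06 12:44:01 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\WBEM\WBEMTEST.EXE
02/09/06 12:44:01 [Note]: 10002 1
02/09/06 12:44:08 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\csvgn.exe
02/09/06 12:44:12 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\dmypn.exe
02/09/06 12:44:31 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\howiper.exe
02/09/06 12:44:33 [Info]: Hidden file: C:\WINDOWS\SYSTEM32\jbksc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")        # e.g. "O4 - HKLM\..\Run: ..."
HIDDEN = re.compile(r"\[Info\]: Hidden file: (.+)$")  # BlackLight finding line


def parse_hjt(log):
    """Return the (section, detail) entries of a HijackThis log, in log order."""
    entries = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def diff_entries(first, second):
    """Return (entries only in the second scan, entries only in the first)."""
    in_first, in_second = set(first), set(second)
    added = [e for e in second if e not in in_first]
    removed = [e for e in first if e not in in_second]
    return added, removed


def hidden_files(blacklight_log):
    """Return the paths BlackLight reported as hidden files."""
    paths = []
    for line in blacklight_log.splitlines():
        m = HIDDEN.search(line.strip())
        if m:
            paths.append(m.group(1))
    return paths


def autoruns_for(path, entries):
    """O4 (startup) entries that launch `path`; Windows paths compare case-insensitively."""
    needle = path.lower()
    return [d for s, d in entries if s == "O4" and needle in d.lower()]


def startup_visibility(hidden, first, second):
    """Map each hidden file name to (O4 entry in first scan?, O4 entry in second scan?)."""
    return {
        basename(p).lower(): (bool(autoruns_for(p, first)), bool(autoruns_for(p, second)))
        for p in hidden
    }


if __name__ == "__main__":
    first, second = parse_hjt(HJT_FIRST), parse_hjt(HJT_SECOND)
    added, removed = diff_entries(first, second)
    for section, detail in added:
        print("only in second scan:", section, detail)
    for section, detail in removed:
        print("only in first scan: ", section, detail)
    for name, seen in startup_visibility(hidden_files(BLACKLIGHT_FIRST), first, second).items():
        print(f"{name}: O4 entry in first scan={seen[0]}, in second scan={seen[1]}")
```

On these excerpts the second scan gains the dtmkr.dll BHO, the jbksc.exe and yaemu.exe Run entries and a second NameServer value, and loses the hgqhp.exe Run entry and the ProxyOverride value.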
Old 02-09-2006, 03:03 PM   #14 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
sUBs's Avatar
 
Join Date: May 2005
Posts: 24,459
OS: N/A


Please read this post completely before beginning the fix. If there's anything that you do not understand, kindly ask your questions before proceeding. Please ensure that there aren't any open browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.


* * * * * * ADDITIONAL DOWNLOADS * * * * * * * * * * * * * *


Download & install CleanUp.exe (not recommended for WinXP64)

Download KillBox v2.0.0.175.exe (it's important that you get version v2.0.0.175)

Right click on this file & select Save as.. - "taskmanager.reg" (inclusive of quotes)
Save it on Desktop but do not run it yet

Download and install Ewido Security Suite
  • When installing, under "Additional Options",
    • uncheck - Install background guard
  • Have Ewido update itself & then exit the program.
If you are having problems with the updater, you can use this link to manually update Ewido


* * * * * *


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dellnet.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [TaskMon] C:\WINDOWS\System32\taskmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Limeshop0] "C:\Program Files\Lime_Shop\Limeshop0.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [McAfee.InstantUpdate.Monitor] "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /STARTMONITOR
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1139249389781
O17 - HKLM\System\CCS\Services\Tcpip\..\{F503626B-782E-4546-85D3-A5F2D2EE3145}: NameServer = 205.188.146.145
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe



Take a look at the log listed above. Checkmark all the entries & hit the "add checked to ignore list".


* * * * * * DISABLING SERVICES * * * * * * * * * * * * * * * * *


Click Start -> Run - type SERVICES.MSC & then click on the OK button
  1. Locate the service - .NET Framework Service
  2. Double-click on it to open the Properties dialog.
    - Change the Startup type to Disabled & then click on the Apply button
    - Stop the service by using the Stop button.
  3. Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
  4. In the popup box that appears, copy/paste .NET Framework Service
  5. Click on the OK button & answer No if prompted to reboot


* * * * * * PURGING TEMP FOLDERS * * * * * * * * * * * * * * *


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider initially to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program.
6. Do NOT reboot/logoff if prompted.

* CleanUp! will not create any backups!!


* * * * * * KILLBOX * * * * * * * * * * * * * * * * * * * * * * *


Launch KillBox.exe & select the following options:
  • delete on Reboot
  • All files (if available)
Use your mouse to select all the filenames highlighted in blue & then right-click & select Copy
  • C:\WINDOWS\System32\cmd32.exe
    C:\WINDOWS\System32\dtmkr.dll
    C:\WINDOWS\System32\sysconf.exe
    C:\WINDOWS\System32\intrenat.exe
    C:\WINDOWS\System32\dmypn.exe
    C:\WINDOWS\System32\jbksc.exe
    C:\WINDOWS\System32\yaemu.exe
    C:\WINDOWS\sysconf.exe
    C:\WINDOWS\svchost.exe
* Go to the File menu, and choose Paste from Clipboard
* Click the RED X button.
* Click Yes at the Delete on Reboot prompt.
* Choose No when asked to reboot now.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, download and run missingfilesetup.exe. Then try Killbox again.


* * *


Then download & Install - FixWareout.exe

When you reach the final page of the installation process, make sure "Run fixit" is checked.
Follow the on-screen prompts & reboot your computer when instructed to do so.

**Do not be alarmed if your computer takes longer than usual to load.

After you have restarted, wait for HijackThis to launch automatically.
With HiJackThis, place a check next to these items and select "Fix checked":

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O1 - Hosts: localhost 127.0.0.1
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\dtmkr.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\dtmkr.dll
O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKLM\..\Run: [Video Process] sysconf.exe
O4 - HKLM\..\Run: [Srng] \Program Files\Srng\Srng.exe
O4 - HKLM\..\Run: [Gremlin] C:\WINDOWS\System32\intrenat.exe
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [jbksc.exe] C:\WINDOWS\System32\jbksc.exe
O4 - HKLM\..\Run: [yaemu.exe] C:\WINDOWS\System32\yaemu.exe
O4 - HKLM\..\RunServices: [Video Process] sysconf.exe
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)


Close HijackThis, and click OK to proceed.


If you see any new items in the O4 section of HijackThis that are five letters long and start with dm, hg or cs, check them as well. If you're not sure, leave it and only check the ones I asked you to check.

O4 - HKLM\..\Run: [dm***.exe] C:\WINDOWS\system32\dm***.exe (the *** stand for random letters)
O4 - HKLM\..\Run: [hg***.exe] C:\Windows\System32\hg***.exe
O4 - HKLM\..\Run: [cscyd.exe] cs***.exe

FixWareOut will produce a logfile, report.txt located within the C:\fixwareout folder


* * * * * * DELETING FILES/FOLDERS * * * * * * * * * * * * * * *


If you have not done so already, please enable the viewing of Hidden files
From Windows Explorer, go to Tools -> Folder Options -> View tab.
  • Tick - 'Show hidden files and folder'
  • Untick - 'Hide file extensions for known types'
  • Untick - 'Hide protected operating system files'
  • Click Yes to confirm & then click OK
Locate and delete the following files/folders: (let me know if you fail to find/delete any)
  • C:\Program Files\Srng\


* * * * * * BATCHES / REG FIXES * * * * * * * * * * * * * * * * *


Double click on TaskManager.reg & allow it to merge into the Registry


* * * * * * RUNNING ADDITIONAL SCANNERS * * * * * * * * * * *


Run Ewido with its updated definitions: (...it's important that all windows must be closed)
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** Ewido scan would require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


* * * * * *


REBOOT & establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure to:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan


* * * * * * CHECK LIST * * * * * * * * * * * * * * * * * * * * *


In your next post, please include fresh logs from:
  • FixWareout's log
  • HiJackThis log
  • Online Scan
  • Ewido
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now
__________________

Question - what have you done for the community today?

Last edited by sUBs; 02-09-2006 at 03:18 PM.
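
The three kinds of entry singled out in the post above (O4 autoruns named five letters beginning with dm, hg or cs; O17 NameServer overrides; an O23 service with an unknown owner pointing at a svchost.exe outside System32) can be pulled out of a saved HijackThis log mechanically. This is an added example, not part of the original thread and not code from HijackThis or FixWareout; the function name, the finding labels and the `expected_dns` allowlist are assumptions, and the `hgabc.exe` line in the sample is constructed (the other sample lines are copied from the logs in this thread).

```python
import re
from ntpath import basename, dirname, normcase  # Windows path rules on any OS

# General HijackThis line shape: "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] cmd"
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.*)$")
# O4 registry autoruns: hive\..\Run or RunServices, value name in brackets, then command
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O17 DNS override: one or more comma-separated resolver addresses
O17_RE = re.compile(r"NameServer = (?P<servers>[\d.,\s]+)$")
# O23 service: display name - owner - image path, optionally "(file missing)"
O23_RE = re.compile(
    r"^Service: (?P<display>.*?) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)
# Naming rule given in the post: five letters, starting with dm, hg or cs
RANDOM_NAME_RE = re.compile(r"^(dm|hg|cs)[a-z]{3}\.exe$", re.IGNORECASE)


def review_hjt_log(lines, expected_dns=frozenset()):
    """Return (section, reason, detail) tuples for entries worth a second look.

    expected_dns is an analyst-supplied allowlist of resolver addresses
    (hypothetical parameter); any O17 NameServer outside it is reported.
    """
    findings = []
    for raw in lines:
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header lines, running-process paths, blank lines
        section, rest = m["section"], m["rest"]

        if section == "O4":
            run = RUN_RE.match(rest)
            if run and RANDOM_NAME_RE.match(run["name"]):
                findings.append(("O4", "random-name-autorun", run["name"]))

        elif section == "O17":
            dns = O17_RE.search(rest)
            if dns:
                for ip in filter(None, re.split(r"[,\s]+", dns["servers"])):
                    if ip not in expected_dns:
                        findings.append(("O17", "unexpected-nameserver", ip))

        elif section == "O23":
            svc = O23_RE.match(rest)
            if not svc:
                continue
            if svc["owner"] == "Unknown owner":
                findings.append(("O23", "unknown-owner", svc["display"]))
            if svc["missing"]:
                findings.append(("O23", "file-missing", svc["display"]))
            path = normcase(svc["path"])
            # The genuine svchost.exe lives in the System32 directory
            if basename(path) == "svchost.exe" and not dirname(path).endswith("\\system32"):
                findings.append(("O23", "svchost-outside-system32", svc["display"]))
    return findings


# Sample input: lines from the logs in this thread, plus one constructed line (hgabc.exe)
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Video Process] sysconf.exe
O4 - HKLM\..\Run: [dmypn.exe] C:\WINDOWS\System32\dmypn.exe
O4 - HKLM\..\Run: [hgabc.exe] C:\WINDOWS\System32\hgabc.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - Startup: PowerReg Scheduler.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{F503626B-782E-4546-85D3-A5F2D2EE3145}: NameServer = 205.188.146.145
O17 - HKLM\System\CCS\Services\Tcpip\..\{9F22FAD4-64E2-4A93-8585-D2E3D35E85F2}: NameServer = 85.255.114.25,85.255.112.69
O23 - Service: .NET Framework Service (.NET Connection Service) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
""".strip().splitlines()

if __name__ == "__main__":
    # 205.188.146.145 is the resolver the helper left in place (ignore list)
    for finding in review_hjt_log(SAMPLE_LOG, expected_dns={"205.188.146.145"}):
        print(*finding, sep=" | ")
```

The naming rule only covers the dm/hg/cs prefixes given in the post, so entries such as `jbksc.exe` still need the manual review the helper performed.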
Old 02-09-2006, 03:12 PM   #15 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


Right click on this file & select Save as.. - "taskmanager.reg" (inclusive of quotes)
Save it on Desktop but do not run it yet

won't let me do it
Old 02-09-2006, 03:19 PM   #16 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,459
OS: N/A


I fixed the link. Try it again
Old 02-09-2006, 03:25 PM   #17 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


thank you
Old 02-10-2006, 02:13 PM   #18 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


These 2 things didn't work. I couldn't find the file, and when I did go to delete the .NET it said it wasn't found in the registry

Click Start -> Run - type .NET Framework Service & then click on the OK button
1. Locate the service - .NET Framework Service
2. Double-click on it to open the Properties dialog.
- Change the Startup type to Disabled & then click on the Apply button
- Stop the service by using the Stop button.
3. Then start HiJackThis & go to Config... -> Misc.Tools -> Delete an NT service
4. In the popup box that appears, copy/paste .NET Framework Service
5. Click on the OK button & answer No if prompted to reboot


Locate and delete the following files/folders: (let me know if you fail to find/delete any)
• C:\Program Files\Srng\
Old 02-10-2006, 02:15 PM   #19 (permalink)
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
 
 
Join Date: May 2005
Posts: 24,459
OS: N/A


That's okay. You may proceed with the rest of the fix.

Once you have completed everything, please post the logs I requested.
Old 02-16-2006, 01:49 PM   #20 (permalink)
Registered User
 
Join Date: Feb 2006
Posts: 15
OS: XP


Logfile of HijackThis v1.99.1
Scan saved at 9:04:16 PM, on 2/14/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Documents and Settings\Chris\Desktop\HijackThis.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\DAP\DAP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\America Online 8.0\waol.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost;
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - C:\Program Files\DAP\DAPBHO.dll
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - C:\Program Files\DAP\DAPIEBar.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [DownloadAccelerator] C:\PROGRA~1\DAP\DAP.EXE /STARTUP
O4 - Startup: PowerReg Scheduler.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab


Fixwareout ver 1.003
Last edited 1/12/2006
Post this report in the forums please

Reg Entries that were deleted

PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, There WILL be LEGIT FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

»»»»» Search by size and names...
C:\WINDOWS\SYSTEM32\JBKSCE~1.REN

»»»»» Misc files

»»»»» Checking for older varients covered by the Rem3 tool

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, February 14, 2006 20:50:34
Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/02/2006
Kaspersky Anti-Virus database records: 176795
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 134397
Number of viruses found: 36
Number of infected objects: 198
Number of suspicious objects: 0
Duration of the scan process: 10946 sec

Infected Object Name - Virus Name
C:\Program Files\America Online 8.0\download\sdfff Infected: Trojan-Downloader.Win32.Small.awa
C:\Program Files\LimeWire\2.9.10\limeshop.exe/data0126 Infected: not-a-virus:AdWare.Win32.TopMoxie.c
C:\Program Files\LimeWire\2.9.10\limeshop.exe Infected: not-a-virus:AdWare.Win32.TopMoxie.c
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1213380D.dll Infected: Email-Worm.Win32.Mydoom.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\12940D3A.tmp Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\15476287.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\15955230.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\15955230.tmp Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\160B39AF.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16592959.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\16704F40.tmp Infected: Trojan.Java.ClassLoader.h
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1681212E.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\168E491F.cla Infected: Exploit.Java.ByteVerify
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17B40BDC.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\17E157AA.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18B500C0.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\18E6768A.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1A3141F2.exe Infected: Trojan.Win32.DNSChanger.bo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BD20553.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BF07F33.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BF07F33.tmp Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1BF3292F.scr Infected: Email-Worm.Win32.Mydoom.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\25615517.exe Infected: Trojan-Proxy.Win32.Mitglieder.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\2700294F.exe Infected: Trojan-Proxy.Win32.Mitglieder.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\291E62FA.exe Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\341344EB.exe Infected: Email-Worm.Win32.Mydoom.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DBC4525.tmp Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3DC06F22.tmp Infected: not-a-virus:AdWare.Win32.Cydoor
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\41273962.exe Infected: Trojan-Proxy.Win32.Mitglieder.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4CCE25FC.exe Infected: Trojan-Dropper.Win32.Delf.fd
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4CE875DF.exe Infected: Trojan-Proxy.Win32.Small.bo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\4CEF49D8.exe Infected: Trojan-Proxy.Win32.Small.bo
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\55F8270C.tmp Infected: Trojan.Java.ClassLoader.d
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\5E5C7C1B.tbz Infected: Net-Worm.Win32.Doomjuice.a
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\660A727B.exe Infected: Trojan-Downloader.Win32.Harnig.bb
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\672D0B3B.exe Infected: Trojan-Downloader.Win32.Harnig.bb
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\68D27C49.dll Infected: not-a-virus:AdWare.Win32.SBSoft.h
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6EB4241C.dll Infected: Trojan.Win32.StartPage.gv
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\71C400BE.dll Infected: Trojan.Win32.StartPage.gv
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP923\A0134090.exe/2020search.dll Infected: not-a-virus:AdWare.Win32.IeSearchBar.b
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP923\A0134090.exe/Srng.exe Infected: not-a-virus:AdWare.Win32.ShopNav.a
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP923\A0134090.exe Infected: not-a-virus:AdWare.Win32.ShopNav.a
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP928\A0137413.exe Infected: Trojan-Dropper.Win32.Delf.fd
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137937.exe Infected: not-a-virus:AdWare.Win32.EZula.bx
C:\WINDOWS\Downloaded Program Files\on.exe Infected: Trojan-Downloader.Win32.Small.amb
C:\WINDOWS\SYSTEM32\z12.exe Infected: Trojan-Downloader.Win32.Small.awa
E:\Games\Counter-Strike\cs1005.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\Games\Counter-Strike\cs1005.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\Programs\Norton Internet Security 2005\Norton.Internet.Security.Pro.2005.Incl.Keygen-SSG.rar/kgnis.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\Programs\Norton Internet Security 2005\Norton.Internet.Security.Pro.2005.Incl.Keygen-SSG.rar Infected: Trojan-Dropper.Win32.Delf.fd
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Bit Torrent Downloads\Winamp\Winamp505pro+keygen.exe/keygen_winamp.exe Infected: Trojan-Dropper.Win32.Delf.fl
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Bit Torrent Downloads\Winamp\Winamp505pro+keygen.exe/r.exe Infected: Backdoor.Win32.Rbot.wi
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Bit Torrent Downloads\Winamp\Winamp505pro+keygen.exe Infected: Backdoor.Win32.Rbot.wi
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1275210071-115176313-725345543-500\De2\Programs\Ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\apple copy/WISE0017.BIN Infected: not-a-virus:AdWare.Win32.Quick.a
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\apple copy/WISE0018.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\apple copy/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\apple copy Infected: not-a-virus:AdWare.Win32.Gator.3103
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\back round, katie holmes..exe/WISE0013.BIN/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\back round, katie holmes..exe/WISE0013.BIN/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\back round, katie holmes..exe/WISE0013.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.v
E:\RECYCLER\S-1-5-21-1454471165-1060284298-854245398-1003\De1\xp dl thems\back round, katie holmes..exe Infected: not-a-virus:AdWare.Win32.SaveNow.v
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\mirc616.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\mirc616.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar/setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe/data.rar Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\Executables\setup_ares.sfx.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-1957994488-746137067-1060284298-1003\De3\****\Lionteam\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\RECYCLER\S-1-5-21-2000478354-73586283-839522115-1004\De3\my stuff\setup_ares.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{2345FC3B-CDF0-4F0A-A92E-1F4C5044E475}\RP20\A0000831.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{328E38A5-51DA-49FE-A17D-65F3F6088B7F}\RP1\A0000017.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\System Volume Information\_restore{328E38A5-51DA-49FE-A17D-65F3F6088B7F}\RP1\A0000017.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001391.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0001789.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0002209.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP20\A0002209.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe/data0019 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013427.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0013579.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe/data0016/data0002 Infected: not-a-virus:AdWare.Win32.StickyPops.a
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe/data0016/data0003 Infected: not-a-virus:AdWare.Win32.StickyPops.a
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe/data0016/data0005 Infected: Trojan-Downloader.Win32.Lookme.g
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe/data0016/data0006 Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe/data0016 Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{38AB2306-2038-49ED-8D33-40CCB57F5C64}\RP45\A0014098.exe Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe/data0016/data0002 Infected: not-a-virus:AdWare.Win32.StickyPops.a
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe/data0016/data0003 Infected: not-a-virus:AdWare.Win32.StickyPops.a
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe/data0016/data0005 Infected: Trojan-Downloader.Win32.Lookme.g
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe/data0016/data0006 Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe/data0016 Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002648.exe Infected: Trojan-Dropper.Win32.Agent.og
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe/data0019 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{4269387D-7B16-434B-8DF3-ECCC7CDC171E}\RP13\A0002818.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0001794.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar/wrar341.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe/data.rar Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{478922C0-9331-4362-B10B-C81473D5EA8C}\RP20\A0002188.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{A433693C-B03C-466B-97DC-EF36303F66F0}\RP63\A0016096.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{A433693C-B03C-466B-97DC-EF36303F66F0}\RP63\A0016096.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP925\A0136343.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002486.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002848.exe/WISE0024.BIN Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{BB838F8B-ECAD-4F59-AB18-EEC1E7DABDC5}\RP31\A0002848.exe Infected: not-a-virus:Server-Proxy.Win32.Hltv
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar/torrentsearch.exe/data0004/stream/data0004 Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar/torrentsearch.exe/data0004/stream Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar/torrentsearch.exe/data0004 Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar/torrentsearch.exe Infected: Trojan.Win32.StartPage.rr
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar/wrar341.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe/data.rar Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003287.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003288.exe Infected: Trojan-Dropper.Win32.Delf.fd
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020/v2.0.4b.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.g
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020/v2.0.4b.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020/v2.0.4b.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020/v2.0.4b.cab Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0020 Infected: not-a-virus:AdWare.Win32.NavExcel.b
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe/data0021 Infected: not-a-virus:AdWare.Win32.NavExcel.i
E:\System Volume Information\_restore{C2FF5655-8273-4936-A986-E264152794CB}\RP29\A0003367.exe Infected: not-a-virus:AdWare.Win32.NavExcel.i

Scan process completed.


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:14:42 PM, 2/14/2006
+ Report-Checksum: E54A05A4

+ Scan result:

C:\Documents and Settings\Chris\Cookies\chris@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137982.exe -> Downloader.Harnig.bb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137983.exe -> Downloader.Harnig.bb : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137984.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137985.exe -> Downloader.Delf.aeu : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP929\A0137986.dll -> Adware.SBSoft : Cleaned with backup
E:\Programs\Norton Internet Security 2005\Norton.Internet.Security.Pro.2005.Incl.Keygen-SSG.rar/kgnis.exe -> Dropper.Delf.fd : Error during cleaning


::Report End
Copyright 2001 - 2009, Tech Support Forum