Win32.P2P-Worm.Alcan.a



#1
jdonner1

    Member

  • Member
  • 13 posts
Can someone please provide me with help removing this? Thank you very much.

Win32.P2P-Worm.Alcan.a



Logfile of HijackThis v1.99.1
Scan saved at 11:43:47 PM, on 7/29/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\system32\msiexec.exe
C:\WINNT\system32\nvsvc32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\vds.exe
C:\Program Files\winupdates\winupdates.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Maven\mavenAgent.exe
C:\WINNT\system32\dllhost.exe
C:\Program Files\Maven\mavenUpdater.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\WINNT\System32\dmadmin.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fox Movies.lnk = C:\Program Files\foxmovies\bin\bin-0\foxmoviesCommand.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...jsp?forceLoad=1
O16 - DPF: {1380F812-709B-4684-935B-84E447802AFF} (InstallerAX Class) - http://foxmovies.a.c...installerAX.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven....otInstaller.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx...erInstaller.exe
O16 - DPF: {939EA880-465C-4A4A-B465-B0073167902D} (HtmlInput Class) - http://mce.one4movie.de/TripleTap.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/.../WMDownload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O18 - Protocol: maven-8110 - {7B227F3E-ED1D-4163-83BB-0324B430FE26} - C:\Program Files\foxmovies\bin\bin-0\protocolHandler.dll
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINNT\system32\iosdt\iosdt.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

#2
bricat

    Visiting Staff

  • Visiting Consultant
  • 645 posts
Welcome to the Geeks To Go forum.


Click Start > Run > type services.msc, then click OK
Scroll down and right click on 'distributed.net client'
Select 'Properties' and set the "Service Status" option to "Stop"
Set "Startup type" to "Disabled", click Apply, then OK.

Rerun HJT, and put a checkmark beside these:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/softAdmin.htm
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [Error Nuker] C:\Program Files\Error Nuker\bin\ErrorNuker.exe autostart
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINNT\system32\iosdt\iosdt.exe (file missing)

Now close all windows and browsers and click FIX CHECKED.


Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files.


Close any programs you have open since this step requires a reboot.

From the l2mfix folder on your desktop, double click l2mfix.bat and select option #4 to Merge Winlogon Notify Defaults. Press enter and wait a few moments.
Now select option #2 for Run Fix by typing 2 and then pressing enter, then press any key to reboot your computer. After a reboot, your desktop and icons will appear, then disappear (this is normal). L2mfix will continue to scan your computer and when it's finished, notepad will open with a log. I'll get you to post that log later.

IMPORTANT: Do NOT run any other files in the l2mfix folder until you are asked to do so!




Step 1

Download Killbox from here to your desktop.
Double-click killbox.exe
Click on Tools > Delete Temp Files and click ok.
Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of filepaths below:

C:\Program Files\MsConfigs\MsConfigs.exe
C:\Windows\system32\p2pnetwork.exe
C:\Windows\system32\CMD.COM
C:\Windows\system32\netstat.com
C:\Windows\system32\ping.com
C:\Windows\system32\regedit.com
C:\Windows\system32\tasklist.com
C:\Windows\system32\taskkill.com
C:\Windows\system32\taskmgr.com
C:\Windows\system32\tracert.com
C:\Windows\system32\bt.exe
C:\Windows\system32\z.tmp
C:\Windows\system32\bszip.dll


Click 'File' on the killbox menu at the top and choose 'Paste from clipboard'

The entire list should now be in the "Full Path of File to Delete" field.
To check, click on the dropdown-arrow next to that field.
If you expand it, these lines should all be there.

Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES
When it asks if you would like to Reboot now, click YES
If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.



Step 2

Open Notepad, (Start | Run, type in Notepad)
Copy ALL the bold text below to notepad.
Click File | Save As
Change the Save as type to *All Files*
Save it to your desktop as fix.reg


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole]
"p2pnetwork"=-

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Lsa]
"p2pnetwork"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Ole]
"p2pnetwork"=-

[HKEY_CURRENT_USER\System\CurrentControlSet\Lsa]
"p2pnetwork"=-



Double-click fix.reg and confirm you wish to merge it with the registry.



Step 4

Reboot once more and post a fresh HijackThis log and L2M log.
  • 0
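
Added example (not part of bricat's post, and not code from any tool named in this thread): a Python sketch that checks a follow-up HijackThis log for entries that were selected for FIX CHECKED but are still listed, and compares a Killbox path list with the Windows directory the posted log runs from (C:\WINNT in post #1, while the list names C:\Windows). FRESH_LOG is constructed sample data, the function names are made up for this example, and the rebased paths are only candidates to check, not confirmed file locations.

```python
import ntpath
import re

# A HijackThis entry is "<section code> - <text>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
WINDOWS_DIR_NAMES = {"windows", "winnt"}

# Excerpt of the log posted in #1 (lines taken from this thread).
ORIGINAL_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\Program Files\winupdates\winupdates.exe

O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINNT\system32\iosdt\iosdt.exe (file missing)
"""

# Subset of the lines selected for FIX CHECKED in #2 (taken from this thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O20 - Winlogon Notify: dimsntfy - C:\WINNT\SYSTEM32\dimsntfy.dll
O23 - Service: distributed.net client (dnetc) - Unknown owner - C:\WINNT\system32\iosdt\iosdt.exe (file missing)
"""

# CONSTRUCTED follow-up log, for illustration only (not posted in the thread).
FRESH_LOG = r"""
Running processes:
C:\WINNT\System32\smss.exe

O4 - HKLM\..\Run:  [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O23 - Service: Distributed.net client (dnetc) - Unknown owner - C:\WINNT\system32\iosdt\iosdt.exe (file missing)
"""

# Subset of the Killbox list in #2 (taken from this thread).
KILL_LIST = r"""
C:\Program Files\MsConfigs\MsConfigs.exe
C:\Windows\system32\p2pnetwork.exe
C:\Windows\system32\bt.exe
"""


def parse_entries(log_text):
    """Return the set of (code, normalised text) entries found in a log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            # Collapse runs of whitespace and ignore case so that cosmetic
            # differences between two logs do not hide a surviving entry.
            text = " ".join(match.group(2).split()).lower()
            entries.add((match.group(1), text))
    return entries


def system_root(log_text):
    """Infer the Windows directory from the path of smss.exe in the log."""
    for line in log_text.splitlines():
        path = line.strip()
        if path.lower().endswith("\\system32\\smss.exe"):
            return ntpath.dirname(ntpath.dirname(path))
    return None


def still_present(fix_list, fresh_log):
    """Entries chosen for fixing that show up again in a later log."""
    return sorted(parse_entries(fix_list) & parse_entries(fresh_log))


def rebase_paths(paths, root):
    """Return (listed path, path under root) for every listed path that points
    into a Windows directory other than the one the log shows."""
    if root is None:
        return []
    flagged = []
    for raw in paths:
        path = raw.strip()
        drive, rest = ntpath.splitdrive(path)
        parts = rest.lstrip("\\").split("\\")
        if parts[0].lower() not in WINDOWS_DIR_NAMES:
            continue
        if ntpath.join(drive + "\\", parts[0]).lower() != root.lower():
            flagged.append((path, ntpath.join(root, *parts[1:])))
    return flagged


if __name__ == "__main__":
    root = system_root(ORIGINAL_LOG)
    print("Windows directory seen in log:", root)
    for code, text in still_present(FIX_LIST, FRESH_LOG):
        print("still listed after fix:", code, "-", text)
    for listed, candidate in rebase_paths(KILL_LIST.splitlines(), root):
        print("listed:", listed, "| also check:", candidate)
```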

#3
jdonner1

Thank you bricat.

1st issue: Could not stop distributed.net client services on Local Computer
Error 2: The system cannot find the file specified

#4
bricat

Carry on with the rest of the fix.

#5
jdonner1

Will Do

#6
jdonner1

When executing L2M fix tool (#4 and enter) it runs and then error message "NTVDM encountered a hard error"

#7
jdonner1

When I click the close button on the error message, I must click it repeatedly (3 times) and I am returned a Windows error message:
Windows cannot find "noti.txt"

#8
bricat

Leave that and run Killbox.

#9
jdonner1

Will do

#10
jdonner1

When attempting to paste from clipboard, nothing shows up in killbox text box?

#11
bricat

Please download the trial version of Ewido Security Suite from here. Install it and update the program with the latest definitions. Set up the program following the instructions here and then close it without running a scan.

Reboot into Safe Mode

Then please run Ewido security suite, and perform a full system scan.
Remove anything found.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report

* Click Save report
* Save the report to your desktop.


then reboot normally, and post a new HJT log, and the scan log from Ewido.

#12
jdonner1

Will do

#13
jdonner1

Ok, here is the Ewido log. Apologies for the delay, scan took 5 hours and then dinner with clients.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:36:57 PM, 7/30/2005
+ Report-Checksum: 66F9311C

+ Scan result:

:mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Sexcounter : Ignored
D:\Homorobertstorage\generalstorage\removed\apdialer\alex1.zip/alex1/dialer_activex.cab/dialer_activex.ocx -> Dialer.Generic : Ignored
D:\Homorobertstorage\generalstorage\removed\apdialer\dialer_activex.cab/dialer_activex.ocx -> Dialer.Generic : Ignored
C:\data -> TrojanDownloader.IstBar.kc : Cleaned with backup
:mozilla.695:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.726:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.753:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.793:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.846:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
:mozilla.849:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.876:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.894:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.895:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.898:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.899:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.944:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.957:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.960:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.961:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.962:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.963:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
:mozilla.969:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\gvwxiwwk.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-67883689-758fcb3a.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-1413d39f-4f0a42b5.class -> Trojan.Byteverify : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ad.yieldmanager[1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@e-2dj6wjkoumazggp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ivwbox[1].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@ppms.popularix[1].txt -> Spyware.Cookie.Popularix : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\cleanup\outlookfix\New Folder (2)\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\cleanup\outlookfix\New Folder (2)\Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Documents and Settings\Administrator\Desktop\cleanup\outlookfix\New Folder (3)\Advanced EFS Data Recovery v2.1.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Administrator\Desktop\cleanup\outlookfix\New Folder (3)\Recover My Files 3.26.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Documents and Settings\Administrator\My Documents\SoftwareApps\updateserials\s2k.hacking.exe -> Dialer.Generic : Cleaned with backup
C:\Documents and Settings\Administrator\My Documents\SoftwareApps\updateserials\s2k.serials2k7.1.zip/s2k.hacking.exe -> Dialer.Generic : Error during cleaning
C:\My Downloads\Symantec Norton 2005 Key Generators ( antivirus, ghost, internet security, partitionmagic, systemworks ).rar/Symantec Norton 2005 Key Generators ( antivirus, ghost, internet security, partitionmagic, systemworks )\Symantec Norton Internet Security 2005 Key Generator\KEY GENERATOR.EXE -> TrojanDropper.Delf.fd : Error during cleaning
C:\Program Files\BearShare\Installer\saveinstwm.exe -> Adware.SaveNow : Cleaned with backup
C:\Program Files\winupdates\a.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Program Files\winupdates\winupdates.exe -> Worm.VB.an : Cleaned with backup
D:\allfromold installation\Saved fromC\copymydcos\serialz\s2k.serials2k7.1.zip/s2k.hacking.exe -> Dialer.Generic : Error during cleaning


::Report End

#14
jdonner1

Here is the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 2:18:34 AM, on 7/31/2005
Platform: Windows 2003 SP1 (WinNT 5.02.3790)
MSIE: Internet Explorer v6.00 SP1 (6.00.3790.1830)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\netdde.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\nvsvc32.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\vds.exe
C:\WINNT\system32\dllhost.exe
C:\WINNT\System32\dmadmin.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINNT\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\PROGRA~1\MUSICM~1\MUSICM~2\MMDiag.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Maven\mavenAgent.exe
C:\Program Files\Maven\mavenUpdater.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\Hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~2\mimboot.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: Start Maven Updater.lnk = C:\Program Files\Maven\mavenUpdater.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Fox Movies.lnk = C:\Program Files\foxmovies\bin\bin-0\foxmoviesCommand.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Start Maven Client.lnk = C:\Program Files\Maven\mavenAgent.exe
O8 - Extra context menu item: &Save Flash In This Page - C:\PROGRA~1\FLASHS~1.0\save.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra 'Tools' menuitem: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\PROGRA~1\FLASHS~1.0\save.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Start EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O9 - Extra 'Tools' menuitem: &EasyFreeWebCam - {ECC5777A-6E88-BFCE-13CE-81F134789E8B} - C:\PROGRA~1\EASYWE~1\easywebcam.exe
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.v...jsp?forceLoad=1
O16 - DPF: {1380F812-709B-4684-935B-84E447802AFF} (InstallerAX Class) - http://foxmovies.a.c...installerAX.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...90/mcinsctl.cab
O16 - DPF: {6EE39BFC-2FB6-4B69-9D05-CFC10E4F5B3E} (MavenBootInstallerAXControl Class) - http://client.maven....otInstaller.cab
O16 - DPF: {72D59B9C-1E59-4958-803A-ABDEE2D4CFA6} - http://download.divx...erInstaller.exe
O16 - DPF: {939EA880-465C-4A4A-B465-B0073167902D} (HtmlInput Class) - http://mce.one4movie.de/TripleTap.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - http://www.arcor.de/.../WMDownload.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcaf...,23/mcgdmgr.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{949A5AB1-19CC-401C-BA0F-4A676915643B}: NameServer = 68.87.66.172,68.87.96.3
O18 - Protocol: maven-8110 - {7B227F3E-ED1D-4163-83BB-0324B430FE26} - C:\Program Files\foxmovies\bin\bin-0\protocolHandler.dll
O18 - Protocol: mavencache - {DB47FDC2-8C38-4413-9C78-D1A68BF24EED} - C:\Program Files\Maven\protocolHandlers.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe

#15
bricat

Is this a company computer/connected to a network?