WIN32.P2P-WORM.ALCAN.A



#1
Crissy17

  • Member
  • 10 posts
I have this WIN32.P2P-WORM.ALCAN.A on my computer. I have no idea what it is, I'm not good with computers. I ran Ad-Aware but it won't get rid of it.

Logfile of HijackThis v1.99.1
Scan saved at 11:39:22 AM, on 10/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\WINDOWS\system32\p2pnetworking.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\winstall.exe
C:\winstall.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\hijack this\HijackThis.exe
C:\WINDOWS\explorer.exe

O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MELIS] C:\WINDOWS\melis.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\mdabohkm.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT© SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe

Can someone please help me get rid of this? Thanks in advance to whoever helps! Somehow SpySheriff installed on my computer. I think it is because of this virus or whatever it is. I think I deleted SpySheriff but I'm not sure.

Edited by Crissy17, 19 October 2005 - 09:47 AM.


#2
loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello and welcome to Geeks to Go

I see you have been infected by malware. Let's get you fixed up.
Please follow the directions as closely as you can. Let's begin.

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.



Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:
===================================================
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\mdabohkm.dll

===================================================

Close HiJackThis.

Please remove these entries from Add/Remove Programs in the Control Panel (if present):

winsupdater
winupdate


Please note any other programs that you don't recognize in that list in your next response.

Please delete these folders using Windows Explorer (if present):

C:\Program Files\winupdate
C:\Program Files\winsupdater

Please delete these files using Windows Explorer (if present):

C:\WINDOWS\system32\mdabohkm.dll
C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe
C:\WINDOWS\system32\p2pnetworking.exe

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report, along with a new HijackThis Log, the contents of smitfiles.txt and the Ewido Log by using Add Reply.

Thanks
:)
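An added example (not part of loophole's reply and not HijackThis code): a parser for the O4 autorun lines of the log in post #1 that cross-checks them against the FIX CHECKED list in post #2, reporting which startup entries the fix leaves in place and which executables sit behind the fixed entries. The function names are this example's own; the sample lines are copied from the thread.

```python
import ntpath
import re
from collections import namedtuple

# O4 (startup) lines copied from the HijackThis log in post #1 of this thread.
LOG = r'''
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MELIS] C:\WINDOWS\melis.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SNInstall] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
'''

# O4 lines copied from the FIX CHECKED list in post #2.
FIX = r'''
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
'''

Autorun = namedtuple("Autorun", "location name command raw")

# Registry autoruns:  O4 - HKLM\..\Run: [name] command
REG_RE = re.compile(r'^O4 - (HKLM|HKCU)\\\.\.\\(Run\w*): \[([^\]]+)\] (.+)$')
# Startup-folder shortcuts:  O4 - Startup: name.lnk = target
LNK_RE = re.compile(r'^O4 - ((?:Global )?Startup): (.+?) = (.+)$')
# Executable at the start of a command: quoted or not, spaces allowed in the path.
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|scr))"?(?=\s|$)', re.IGNORECASE)


def parse_autoruns(text):
    """Return one Autorun per O4 line; other lines are ignored."""
    entries = []
    for line in text.splitlines():
        line = " ".join(line.split())  # forum copies can mangle whitespace
        m = REG_RE.match(line)
        if m:
            hive, key, name, command = m.groups()
            entries.append(Autorun(hive + "\\" + key, name, command, line))
            continue
        m = LNK_RE.match(line)
        if m:
            where, name, target = m.groups()
            entries.append(Autorun(where, name, target, line))
    return entries


def exe_path(command):
    """Strip quotes and arguments, collapse doubled backslashes."""
    m = EXE_RE.match(command.strip())
    return ntpath.normpath(m.group(1)) if m else None


def cross_check(log_text, fix_text):
    """Compare a fix list with the log it was written against."""
    log, fix = parse_autoruns(log_text), parse_autoruns(fix_text)
    in_log = {e.raw for e in log}
    in_fix = {e.raw for e in fix}
    paths = {exe_path(e.command) for e in fix} - {None}
    return {
        # fix lines that do not appear verbatim in the log
        "unmatched_fixes": [e for e in fix if e.raw not in in_log],
        # autoruns still present after the fix list is applied
        "remaining": [e for e in log if e.raw not in in_fix],
        # executables behind the fixed entries, to check on disk afterwards
        "files": sorted(paths, key=str.lower),
        # commands with no directory, resolved through the search path
        "bare_names": sorted(p for p in paths if not ntpath.dirname(p)),
    }


if __name__ == "__main__":
    result = cross_check(LOG, FIX)
    for entry in result["remaining"]:
        print("still starts:", entry.location, entry.name, "->", exe_path(entry.command))
    for path in result["files"]:
        print("check on disk:", path)
```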

#3
Crissy17

  • Topic Starter
  • Member
  • 10 posts
Most of the stuff you told me to delete, I couldn't find. When I put my computer in safe mode I logged in as the administrator, I couldn't find smitrem. I just scanned with Ewido, then rebooted and logged in as a computer user. I found smitrem and scanned with it.

Here are the things you asked for
[code=auto:0]---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:00:05 PM, 10/23/2005
+ Report-Checksum: 7C10F202

+ Scan result:

C:\a.zip/Setup.exe -> Worm.VB.an : Ignored
C:\Documents and Settings\Computer User\Local Settings\Temporary Internet Files\Content.IE5\056NOH2R\mm[2].js -> Spyware.Chitika : Ignored
C:\Program Files\Desktop\loadadv458.exe -> TrojanDownloader.Small.brk : Ignored
C:\s.tmp -> Worm.VB.an : Ignored
C:\Uploads\10000+ Serials.zip/Setup.exe -> Worm.VB.an : Ignored
C:\Uploads\Advanced Uninstaller Pro 2005 7.0.zip/Setup.exe -> Worm.VB.an : Ignored
C:\Uploads\AntiTracer 1.3.zip/Setup.exe -> Worm.VB.an : Ignored
C:\Uploads\R-Excel v1.0.1019 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R-Guard 2.2 b962 Cracked by MastiC.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R-win 2000 keyboard switch 6.0 build 1021.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R-WIN 2000 Keyboard Switch v6.0.0.1119.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R-WIN 2000 Keyboard Switch v6.0.1021.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R-WIN 2000 Keyboard Switch.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R.C. Cars.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R4 v1.08 Cracked by SSG.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\R4 v1.x.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\r@dio.mp3 v.2.xx Pack.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Radix 4.0.10.0.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RadiX RAM Diagnostics 1.10 German Regged READ NFO by iNFECTED.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RadiX RAM Diagnostics 1.10 German.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Radix v4.0.10.0.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RadLight 3.03 R 5.3.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Radmin 2.1 WORKING.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Radmin v2.1 Serial.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Radmin v2.1.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Raduga v3.0.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Raks2000-AD Administrator v2.75.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ram Active v2.1q.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM and HDD Cleaner v5.2.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ram Boost 2002a.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Boost v2002a.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ram Cheat 1.2.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Cheat v1.0.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Cheat v1.1 Crack by DBC.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Cheat v1.1 Crack by RAC.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Cheat v1.1 Keygen.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Cheat v1.2 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Defrag v2.55.20.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Professional for Windows NT-2000-XP.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Professional v1.2 build 2000.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Professional v3.4.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Professional v3.6.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.6.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.8 Beta 3.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.8 Beta.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.8 Fixed.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.8 for Windows 9x-Me.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAM Idle Standard v4.8 for Windows XP-2000.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ram saver pro 3.6 crack by rev.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ram saver pro 3.6 cracked exe by rev.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamActive 2.3c.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamActive 2.3h.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamActive 2.3k.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAMDisk XP v1.9.100 Beta WinXPOnly CRACKED READ NFO-XMA0D.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamDisk98 v0.6.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamDisk98 v1.2.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamDisk9xMe v1.5 by aGHOst.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamDisk9xMe v1.5 by DBC.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAMDiskXP v1.8.200.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RAMIdle v4.8.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\RamschEx 2.0.1.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Ramturbo 1.5.zip/setup.exe -> Trojan.Crypt.e : Ignored
C:\Uploads\Windows XP.zip/Setup.exe -> Worm.VB.an : Ignored
C:\WINDOWS\melis.exe -> Worm.Niklas.y : Ignored
C:\WINDOWS\naz.scr -> Worm.Niklas.y : Ignored
C:\WINDOWS\system32\mdms.exe -> TrojanProxy.Cimuz.bg : Ignored
C:\WINDOWS\system32\winacpi.dll -> TrojanProxy.Cimuz.ai : Ignored
C:\WINDOWS\Temp\Project32\kszqqg.exe -> Worm.Niklas.y : Ignored
C:\WINDOWS\tool2.exe -> Not-A-Virus.Hoax.Renos.p : Ignored
C:\winstall.exe -> Not-A-Virus.Hoax.Renos.p : Ignored
:mozilla.613:C:\Documents and Settings\Computer User\Application Data\Mozilla\Firefox\Profiles\zxn9lvhu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.614:C:\Documents and Settings\Computer User\Application Data\Mozilla\Firefox\Profiles\zxn9lvhu.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@ad1.clickhype[1].txt -> Spyware.Cookie.Clickhype : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@burstnet[1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@gettyimages.122.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@hypertracker[1].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@msnportal.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@www.burstbeacon[1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Computer User\Cookies\computer user@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\aawsepersonal.exe -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\DCPlusPlus-0.674.exe -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\CDSTART.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\KEYGEN!!.exe -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\COMMONFI\SYMSHARE\SMNLNCH.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\CCIMSCN.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\NAVAPSVC.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\NAVDX.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\NAVSTUB.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\NAVW32.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\NAVWNT.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\OPSCAN.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\QCONSOLE.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\SAVSCAN.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\APP\UNDOBOOT.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\BOOTWARN.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\CFGWIZ.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\EXTERNAL\NORTON\LRSEND.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\IWP\APP\ALEUPDAT.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\IWP\APP\NPFMNTOR.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAV\OMIGRATE.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\NAVSETUP.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\CCAPP.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\CCEVTMGR.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\CCLGVIEW.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\CCPWDSVC.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\CCSETMGR.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\CCCOMMON\CCCOMMON\NMAIN.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\EDISK\NED.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LIVEREG\ADVISOR.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LIVEREG\IRALRSHL.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LIVEREG\SYMCSUB.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LIVEREG\VCCLNUP.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LIVEREG\VCSETUP.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\LUPDATE\LUSETUP.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\MSI\INSTMSIA.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\MSI\INSTMSIW.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\BLASTER\FIXBLAST.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\GAOBOT\FXGAOBOT.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\GAOBOTUJ\FXGAOUJ.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\MYDOOM\FXMYDOOM.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\NETSKY\FXNETSKY.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\SASSER\FXSASSER.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\NAVTOOLS\REPAIR\WELCHIA\FIXWELCH.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SEVINST\SEVINST.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SPBBC\COMMON\SYMSHARE\SPBBC\SPBBCSVC.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SPBBC\COMMON\SYMSHARE\SPBBC\UPDMGR.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SYMLNCH\SYMLNCH.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SYMNET\SYMNET\SYMSHARE\IDS\IDSINST.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDINST.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SYMNET\SYMNET\SYMSHARE\SNDSRVC.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Desktop\Norton Antivirus 2005 (Full Version)\Norton Antivirus 2005\SUPPORT\SYMSC\SYMWMIAV\SYMSC\USRPRMPT.EXE -> Worm.Niklas.y : Cleaned with backup
C:\Documents and Settings\Computer User\Local Settings\Temporary Internet Files\Content.IE5\CTU7SPQF\v0407008[1].exe -> TrojanProxy.Cimuz.bg : Cleaned with backup
C:\Documents and Settings\Computer User\Local Settings\Temporary Internet Files\Content.IE5\ODQ7K9I3\tool1[1].txt -> TrojanDownloader.Small.bnt : Cleaned with backup
C:\Documents and Settings\Computer User\Local Settings\Temporary Internet Files\Content.IE5\TOW7H18D\tool2[1].txt -> Not-A-Virus.Hoax.Renos.p : Cleaned with backup
C:\Documents and Settings\Computer User\My Documents\Firefox Setup 1.0.7.exe -> Worm.Niklas.y : Cleaned with backup
C:\Program Files\winsupdater\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\winsupdater.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\250 HTML and Web Design Secrets.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Adobe GoLive CS2 8.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\AnyDVD 3.9.1.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Blaze VideoMagic 1.0.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Dating for Sex, an eBook Collection.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Digital Audio Editor 2.9.1.475.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\DVDFab Platinum Edition 2.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\DVDIdle Pro 5.89.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Fat Joe - All Or Nothing (2005).zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Lord Of The Ring Audio Books.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Magic Ball 2.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Microsoft Antispyware.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Network Security Bible.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Norton Ghost 10.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Photo2DVD Studio 3.8.3.2.7.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PicturesToExe 4.42.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Pinnacle TitleDeko Pro 2.0.1634.1.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\Pop up Blocker Pro 7.0.5j.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\Uploads\PowerArchiver 2004 9.00.30.zip/Setup.exe -> Worm.VB.an : Error during cleaning
C:\Uploads\R-Drive Image 2.0 b2006 Cracked by MastiC.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1106 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1106.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1109 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1109.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1112 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image v1.1.1112.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image V1.1.1114 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Drive Image V1.1.1114.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-DriveImage v1.0.1022.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Guard v2.2.970 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Mail v1.1.9605 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio 2.00.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Agent Emergency v2.0.819 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Agent v2.0.817 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Agent v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio FAT NETWORK v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio FAT v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Network Edition 2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Network Edition v2.0 build 121047 by YAG.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Network Edition v2.0 build 121047.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Network Edition v2.0.121047 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio NETWORK v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio NTFS NETWORK v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio NTFS v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Studio Simple v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-win 2000 switch 6.0 build 1021 crack by rev.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe and Clean v3.0 build 0886.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe and Clean v3.0.901.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe and Clean v3.5.1104.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v4.0.1121 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe and Clean v4.0.1121.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v4.0.1122 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v4.0.1122.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v4.1.1135 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v4.1.1135.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Wipe And Clean v5.0.1167 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R-Word v1.0.519 Regged by SCRiPTMAFiA.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R.S.M Remote Service Management v4.2B.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\r0m4n's Crackme 1 Tutorial by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R2 Extreme Professional v1.65 WA PLUGIN by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R2-Extreme Pro v1.51.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R2-Extreme WA2 Pro v1.65.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Uploads\R2extreme wa2 v1.65 pro by tsrh.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
&
  • 0

#4
Crissy17

Crissy17

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Sorry I had to post again because the other stuff didn't show up in my previous post

   smitRem log file
	 version 2.7

	 by noahdfear

The current date is: Sun 10/23/2005 
The current time is: 15:17:33.67

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 checking for ShudderLTD key

ShudderLTD key not present!

 checking for PSGuard.com key


PSGuard.com key not present!

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 Existing Pre-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~

Install.dat


 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~


 ~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



   Remaining Post-run Files


 ~~~ Program Files ~~~



 ~~~ Shortcuts ~~~



 ~~~ Favorites ~~~



 ~~~ system32 folder ~~~



 ~~~ Icons in System32 ~~~



 ~~~ Windows directory ~~~



 ~~~ Drive root ~~~



 ~~~ Miscellaneous Files/folders ~~~




 ~~~ Wininet.dll ~~~

 CLEAN! :)

Logfile of HijackThis v1.99.1
Scan saved at 5:13:56 PM, on 10/23/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\WINDOWS\Mixer.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_03\bin\jucheck.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\hijack this\HijackThis.exe

F2 - REG:system.ini: Shell=explorer.exe																									"C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O2 - BHO: Trixie.Bho - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [MELIS] C:\WINDOWS\melis.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\\NeroCheck.exe
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra 'Tools' menuitem: Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - C:\WINDOWS\system32\mscoree.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\mdabohkm.dll
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe


I did the panda activescan but when I clicked "see report" nothing happened. I tried for 20 minutes and nothing happened.
Here is what panda activescan said
spyware- 70 Other threats- 332 :tazz:

Thanks for all your help:)
  • 0

#5
loophole

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Click here to download Pocket Killbox by Option^Explicit

Killing a Running Process
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open Process Manager"
  • Find and Click on C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
  • Click on "Kill Process" button
  • Click Yes

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [SysMemory manager] c:\windows\system32\mdms.exe
O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)
O20 - Winlogon Notify: style32 - C:\WINDOWS\
O21 - SSODL: SysTray.Exys - {7368D5FC-6F5C-4f5b-B964-E67214F67852} - C:\WINDOWS\system32\mdabohkm.dll


Now close all windows other than HiJackThis, then click Fix Checked


Now open Pocket Killbox. Select the option "Delete on reboot".
Now highlight and 'copy' (Ctrl + C) the entire list of file paths below.
Click 'File' on the Killbox menu at the top and choose 'Paste from clipboard'.
The entire list should now be in the "Full Path of File to Delete" field. To check, click on the dropdown arrow next to that field.
If you expand it, these lines should all be there:

C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe
C:\Program Files\winsupdater
c:\windows\system32\mdms.exe
C:\WINDOWS\system32\mdabohkm.dll


Then press the red button with a white X in it.
Killbox will tell you that all listed files will be deleted on next reboot, click YES. When it asks if you would like to Reboot now, click YES.
  • 0
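
Several of the entries selected for fixing in the reply above share structural traits that can be checked mechanically. The sketch below is an added example, not part of the original post or of HijackThis itself: it parses entries copied from the log in this thread and flags a padded `Shell=` value, a Run key that repeats the same program, the `DisableRegedit` policy, and Winlogon Notify targets that are not files. The rule names and heuristics are assumptions of this example.

```python
import re

# Entries copied from the HijackThis log posted in this thread. The padding
# between explorer.exe and the second program is written here as tabs.
SAMPLE_LOG = "\n".join([
    'F2 - REG:system.ini: Shell=explorer.exe\t\t\t\t'
    '"C:\\Program Files\\Common Files\\Microsoft Shared\\Web Folders\\ibm00003.exe"',
    r'O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup',
    r'O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto',
    r'O4 - HKCU\..\Run: [Shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00003.exe"',
    r'O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1',
    r'O20 - Winlogon Notify: nucdrvdll - nucdrvdll. (file missing)',
    'O20 - Winlogon Notify: style32 - C:\\WINDOWS\\',
    r'O23 - Service: AVG6 Service (AvgServ) - GRISOFT(c) SOFTWARE s.r.o - C:\PROGRA~1\Grisoft\AVG6\avgserv.exe',
])

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def parse_entries(log_text):
    """Split a HijackThis log into (section, body) pairs, skipping other lines."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.rstrip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def target_path(cmd):
    """Best-effort executable path from a command line, lower-cased for comparison."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0].lower()
    m = re.match(r"(.+?\.(?:exe|dll|com|bat|cmd|scr))(?:\s|$)", cmd, re.IGNORECASE)
    return (m.group(1) if m else cmd).lower()


def triage(log_text):
    """Return (section, rule, detail) tuples for entries that warrant review."""
    entries = parse_entries(log_text)
    findings, shell_extra = [], set()

    # Pass 1: the Shell value should be explorer.exe alone. Anything after it
    # also starts at logon, and padding can push it out of view in a log viewer.
    for section, body in entries:
        if section == "F2" and "shell=" in body.lower():
            value = body.split("=", 1)[1].strip()
            rest = re.sub(r"(?i)^explorer\.exe", "", value).strip()
            if rest:
                shell_extra.add(target_path(rest))
                findings.append((section, "shell-has-extra-program", target_path(rest)))

    # Pass 2: cross-reference autostarts and check policy and notify entries.
    for section, body in entries:
        if section == "O4":
            m = RUN_RE.match(body)
            if m and target_path(m.group("cmd")) in shell_extra:
                findings.append((section, "run-key-repeats-shell-program",
                                 f"{m.group('hive')} [{m.group('name')}]"))
        elif section == "O7" and re.search(r"DisableRegedit=1\b", body):
            # The policy blocks Registry Editor for the user of that hive.
            findings.append((section, "regedit-disabled-by-policy", body.split("\\", 1)[0]))
        elif section == "O20" and body.startswith("Winlogon Notify: "):
            name, _, target = body.split(": ", 1)[1].partition(" - ")
            if "(file missing)" in target or target.endswith("\\"):
                findings.append((section, "notify-target-not-a-file", name))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The `winsupdater` Run entry, which the reply also removes, has no structural anomaly and is not flagged here; entries like that need a scanner verdict or an analyst's judgement.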





