HJT log


6 replies to this topic

#1 burnddrumma

  • Members

Posted 18 July 2005 - 02:09 PM

My computer has been having problems with its C drive. Every time I log on to my desktop, the toolbar warns me of extremely low disk space, so I free about 100 MB up, but the next time I log on, it's filled again. I've tried Ad-Aware several times but it doesn't help. I got HJT, but I have no idea what this means:

Logfile of HijackThis v1.99.1
Scan saved at 12:05:59 PM, on 7/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\rroorvrr\RQQDEohN.exe
D:\Program Files\iTunesHelper.exe
C:\WINDOWS\System32\secserv.exe
C:\WINDOWS\System32\p2pnetworking.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\iPod\iPod Update 2004-04-28\bin\iPodService.exe
D:\Ian\aim95\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Ian Query\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red%20robin/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: (no name) - {05B2225C-B52D-D9AF-872F-BAA94D3C5FFA} - C:\WINDOWS\etkp.dll
O2 - BHO: (no name) - {532F0E5B-E3C5-8A6A-EB48-CAEEFD80BDE4} - C:\WINDOWS\System32\vadyedlm.dll
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - c:\winnt\temp\zcnmpwjcfal.dll
O2 - BHO: ServerSide - {7FC56022-4EDA-472E-8830-7CA92CCBD025} - C:\Program Files\NetMeeting\SS\ServerSide.dll
O2 - BHO: KGhost - {968BC8A3-7660-4B12-B2BF-3334775835E1} - C:\Program Files\NetMeeting\KG\KGhost.dll
O2 - BHO: (no name) - {A841CDCF-2505-19A4-7D21-0CC2CF2247E3} - C:\WINDOWS\System32\whv.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O2 - BHO: WebBar Class - {EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} - C:\PROGRA~1\APPLIE~1\Bar.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebof32.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\RunServices: [svchosts] svchosts.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O4 - HKCU\..\Run: [AIM] D:\Ian\aim95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: AimTalk 2.0.2003.lnk = D:\Ian\aim95\Aimtalk.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Ian\aim95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {0D675380-AF56-11D3-9FF7-F02B4FC10000} - http://www.dell.com/ (file missing) (HKCU)
O9 - Extra button: Ebates - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\calsp.dll
O16 - DPF: {67925165-C4B6-11D2-B9C6-0000E84F59A6} - http://www.entertaindom.com/content/multip...ta/bdeinsta.cab
O16 - DPF: {87067F04-DE4C-4688-BC3C-4FCF39D609E7} - http://download.websearch.com/Dnl/T_50151/QDow_AS2.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver...soft/wtinst.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\iPod Update 2004-04-28\bin\iPodService.exe
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
O23 - Service: ZESOFT - Unknown owner - C:\WINDOWS\zeta.exe (file missing)

Any help would be MUCH appreciated :thumbsup:


#2 groovicus

  • Security Colleague

Posted 22 July 2005 - 09:03 AM

Welcome,
Please follow the instructions provided. You may want to print out these instructions and use them as a reference.

First:
Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates


Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans, ewido is finding cases of false positives.
    • You will need to step through the process of cleaning files one-by-one.
    • If ewido detects a file you KNOW to be legitimate, select none as the action.
    • DO NOT select "Perform action on all infections"
    • If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.

Reboot and post a fresh HJT log, along with the Ewido log. :thumbsup:

#3 burnddrumma

  • Topic Starter

  • Members

Posted 25 July 2005 - 07:08 PM

Alright, I downloaded the ewido program, but every time I try to run a full system scan, the program disappears after 0.1% completion and doesn't come back.

#4 groovicus

  • Security Colleague

Posted 25 July 2005 - 07:23 PM

I'm not surprised.. your system is a mess.

Please download LSPFix from http://www.cexx.org/lspfix.htm and run the program. Disconnect from the Internet and close all Internet Explorer windows. Check the "I know what I'm doing" button and remove all traces of calsp.dll and nothing else. Reboot.

Put a checkmark next to the following entries in HijackThis. Make sure all other windows and browsers are closed before clicking on “Fix Checked”.

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: Band Class - {00027925-0017-4faf-9539-90E4AC0B9EC5} - C:\WINDOWS\eltt.dll
O2 - BHO: (no name) - {05B2225C-B52D-D9AF-872F-BAA94D3C5FFA} - C:\WINDOWS\etkp.dll
O2 - BHO: (no name) - {532F0E5B-E3C5-8A6A-EB48-CAEEFD80BDE4} - C:\WINDOWS\System32\vadyedlm.dll
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - c:\winnt\temp\zcnmpwjcfal.dll
O2 - BHO: (no name) - {A841CDCF-2505-19A4-7D21-0CC2CF2247E3} - C:\WINDOWS\System32\whv.dll (file missing)
O4 - HKLM\..\Run: [winupdate] C:\Program Files\winupdate\winupdate.exe /auto
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [checkrun] C:\windows\system32\elitebof32.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKLM\..\RunServices: [svchosts] svchosts.exe
O4 - HKLM\..\RunServices: [p2pnetworking] p2pnetworking.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} (WildTangent Control) - http://www.wildtangent.com/install/wdriver...soft/wtinst.cab
O23 - Service: ISEXEng - Unknown owner - C:\WINDOWS\System32\angelex.exe (file missing)
********************************************************

Reboot, and then try running Ewido again. Post a fresh HJT log when you are done.

Just an FYI, this is what happens when you run an unpatched system (and Kazaa) with no Anti-Virus, firewall, or spyware blocker. :thumbsup:

#5 burnddrumma

  • Topic Starter

  • Members

Posted 30 July 2005 - 04:04 PM

Yeah, I'm guilty of using Kazaa :thumbsup: but those days are long over.

here's how the scanning went down:

-I did the LSPFix thing
-I did HJT and checked the boxes
-ran ewido, found over 5000 infected objects
-while cleaning the objects, I deleted files in two folders (but not the folders themselves) "program files/ares" and "C:/uploads" because they were full of zip files, all of which looked like spyware, so I deleted over 2 gigs worth of zip files.
-ran HJT again

here's the ewido log and post-ewido HJT log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:46:29 PM, 7/30/2005
+ Report-Checksum: DC73CC96

+ Scan result:

HKLM\SOFTWARE\Adlogix -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\backup\EliteBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000240} -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B90AA1B-F649-44C3-9FD3-736C332CBBCF} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5FA6752A-C4A0-4222-88C2-928AE5AB4966} -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{60B25924-C865-11D2-B0C1-000000000000} -> Spyware.HotBar : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6DF5E318-6994-4A41-85BD-45CCADA616F8} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} -> Spyware.GameSpyArcade : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7FC56022-4EDA-472E-8830-7CA92CCBD025} -> Spyware.Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{968BC8A3-7660-4B12-B2BF-3334775835E1} -> Spyware.Top-banners : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKLM\SOFTWARE\Classes\Common.Buttons -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\IEEnhancer.IEEhncrObj -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\IEEnhancer.IEEhncrObj\CLSID -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\IEEnhancer.IEEhncrObj\CurVer -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1 -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\SWin32.SDWin32.1\CLSID -> Spyware.Adlogix : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{BAF13496-8F72-47A1-9CEE-09238EFC75F0} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{F5EE52D3-2ECC-409E-A92F-A73F2B8DD407} -> Spyware.HiWire : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CLSID -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Classes\WinAffiliateBHO.WinAffiliateIEExtension\CurVer -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67925165-C4B6-11D2-B9C6-0000E84F59A6} -> Spyware.BrilliantDigital : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{87067F04-DE4C-4688-BC3C-4FCF39D609E7} -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{5886A6DC-AAF4-45E9-979A-8E5E6DEE30E7} -> Spyware.TotalVelocity : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5483427F-93B8-1470-5A89-E6B56484CDB2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7FC56022-4EDA-472E-8830-7CA92CCBD025} -> Spyware.Hijacker.Generic : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{968BC8A3-7660-4B12-B2BF-3334775835E1} -> Spyware.Top-banners : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE392A64-F30B-47C8-A363-CDA1CEC7DC1B} -> Spyware.NewtonKnows : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DisplayUtility -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MirrorUnder -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpiderSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\unebmm350 -> Spyware.MoneyMaker : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\UrlSidebar -> Spyware.ClearSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\ohbbackup -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\ohbbackup\EliteBar -> Spyware.EliteBar : Cleaned with backup
HKLM\SOFTWARE\picsvr -> Spyware.Delfin : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Security -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ISEXEng\Enum -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK -> Spyware.CommonName : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Security -> Spyware.CommonName : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\WinIK\Enum -> Spyware.CommonName : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
HKU\S-1-5-19\Software\Hotbar -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-19\Software\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-19\Software\Hotbar\hotbar\links -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-19\Software\Hotbar\hotbar\options -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-20\Software\Hotbar -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-20\Software\Hotbar\hotbar -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-20\Software\Hotbar\hotbar\links -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-20\Software\Hotbar\hotbar\options -> Spyware.HotBar : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\intexp -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\intexp\Config -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\intexp\MyFileSystem2 -> Spyware.IEPlugin : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\LQ -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\Microsoft\Internet Explorer\Extensions\{6685509E-B47B-4f47-8E16-9A5F3A62F683} -> Spyware.MoneyMaker : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\Mvu -> Spyware.Delfin : Cleaned with backup
HKU\S-1-5-21-436374069-492894223-1060284298-1004\Software\picsvr -> Spyware.Delfin : Cleaned with backup
[1716] C:\PROGRA~1\rroorvrr\RQQDEohN.dll -> Spyware.BabeIE : Cleaned with backup
[1892] C:\PROGRA~1\rroorvrr\RQQDEohN.dll -> Spyware.BabeIE : Error during cleaning
[1924] C:\PROGRA~1\rroorvrr\RQQDEohN.dll -> Spyware.BabeIE : Error during cleaning
[2032] C:\PROGRA~1\rroorvrr\RQQDEohN.exe -> Spyware.CommonName : Cleaned with backup
[164] C:\WINDOWS\system\dguttsds.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
[112] C:\PROGRA~1\rroorvrr\RQQDEohN.dll -> Spyware.BabeIE : Error during cleaning
[1960] C:\PROGRA~1\rroorvrr\RQQDEohN.dll -> Spyware.BabeIE : Error during cleaning
C:\WINDOWS\SYSTEM\dguttsds.exe -> TrojanDownloader.Small.ayh : Cleaned with backup
C:\WINDOWS\Profiles\All Users\Application Data\wsxs\patchme.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\Archive Hentai-uninstall.exe -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\svchosts.exe -> Backdoor.SdBot : Cleaned with backup
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\calsdr.exe -> TrojanDropper.Small.ff : Cleaned with backup
C:\WINDOWS\SYSTEM32\calsdr.dll -> TrojanDownloader.Rameh.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\ms.exe -> TrojanDownloader.Vb.Cw : Cleaned with backup
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exdl.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/exul.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/javexulm.vxd -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/bbchk.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/msexreg.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\netut80ex.vxd/C:/WINDOWS/System32/instsrv.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\SYSTEM32\nsvsvc\nsvsvc.exe -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsvs.dll -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\nsvsvc\nsv.ocx -> Spyware.Delfin : Cleaned with backup
C:\WINDOWS\SYSTEM32\Gbi1r6.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\KrwH5f.exe -> Backdoor.VB.oq : Cleaned with backup
C:\WINDOWS\SYSTEM32\sccsccp.exe -> TrojanDownloader.Agent.am : Cleaned with backup
C:\WINDOWS\SYSTEM32\Fwem24V7.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\a5wu37rd.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\SYSTEM32\DbhA2.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cjz1K.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\first.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\SYSTEM32\third.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\SYSTEM32\picsvr\picsvr.exe -> TrojanDownloader.Delmed.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\CLRVIDDC.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\MFCUIW32.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\lfras80n.exe -> Spyware.UrlSpy : Cleaned with backup
C:\WINDOWS\SYSTEM32\VsbW.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\Kkyqfy.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\HkiX3S.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\Pem5Hb08.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\Searchx.htm -> Spyware.TwainTech : Cleaned with backup
C:\WINDOWS\SYSTEM32\gpkru1.exe -> TrojanDownloader.Apropo.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\ADStartUp.exe -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\SYSTEM32\Bwd9m.exe -> TrojanDownloader.VB.em : Cleaned with backup
C:\WINDOWS\SYSTEM32\apisvc.exe -> Backdoor.Lamebot.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\lfica80n.exe -> Spyware.IEDriver : Cleaned with backup
C:\WINDOWS\SYSTEM32\istinstall_adlogix.exe -> TrojanDownloader.IstBar.er : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitexom32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitepjg32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitegyj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteutj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitejel32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteukk32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitebof32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\p2pnetworking.exe -> Backdoor.Rbot.rc : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitehxt32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\elitemoj32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\SWin32.dll -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\automove.exe -> Spyware.Adstart : Cleaned with backup
C:\WINDOWS\SYSTEM32\trans.exe -> TrojanDownloader.Alogics.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\InetFuel.exe -> Spyware.MetaDirect.a : Cleaned with backup
C:\WINDOWS\SYSTEM32\carules.dll -> Spyware.Coupon : Cleaned with backup
C:\WINDOWS\SYSTEM32\calsp.dll -> TrojanDownloader.Agent.br : Cleaned with backup
C:\WINDOWS\SYSTEM32\msedpb.exe -> Trojan.Small.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\xIUXGKQNAQL.exe -> TrojanDownloader.Agent.am : Cleaned with backup
C:\WINDOWS\SYSTEM32\lѕass.exe -> Spyware.PurityScan : Cleaned with backup
C:\WINDOWS\Temporary Internet Files\Content.IE5\Y9K9S1O9\website[1].ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\Temporary Internet Files\Content.IE5\SGN1PAMK\website[1].ocx -> TrojanDownloader.Agent.ex : Cleaned with backup
C:\WINDOWS\IEXPLOR.EXE -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\MM32.exe -> TrojanDownloader.Small.aak : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@ads.adorigin[1].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
C:\WINDOWS\Cookies\anyuser@www.popuptraffic[2].txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
C:\WINDOWS\systb.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\remtm3.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\wt\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\eltupt.exe -> TrojanDownloader.OneClickSearch.k : Cleaned with backup
C:\WINDOWS\96wu19rd.exe -> Spyware.F1Organizer : Cleaned with backup
C:\WINDOWS\XtTb.exe -> Spyware.PowerZone.a : Cleaned with backup
C:\WINDOWS\istinstall_si.exe -> TrojanDownloader.Small.gl : Cleaned with backup
C:\WINDOWS\dhp2.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\cxtpls_loader.exe -> Spyware.AproposMedia : Cleaned with backup
C:\WINDOWS\Dnudv.exe -> Backdoor.Agent.bg : Cleaned with backup
C:\xz.exe -> Backdoor.Rbot.rc : Cleaned with backup
C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe -> Spyware.Delfin : Cleaned with backup
C:\Program Files\NetMeeting\KG\KGhost.dll -> Spyware.KGhost : Cleaned with backup
C:\Program Files\NetMeeting\KG\KGhostReg.exe -> Spyware.KGhost : Cleaned with backup
C:\Program Files\NetMeeting\SS\ServerSide.dll -> Spyware.PowerZone : Cleaned with backup
C:\Program Files\eXact\exactUpdate.exe -> Adware.eXact : Cleaned with backup
C:\Program Files\eXact\eXactToolbar.dll -> Adware.eXact : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.290 Multilingual by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.8.0.89 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K Database Magic 1.0.5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-CD 2.6.231.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-CD v2.6.231.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-CD v2.6.231 All Registrations.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Chess Elite v3.0a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP OCX VB6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v3.2.418 ActiveX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.0.464.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.2.472.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.2.472 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.3.487.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.3.487 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.3.487 by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-FTP v4.5.493 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Hawk Survival Instinct Plus 3 Trainer by iMSDOX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL 3.7.259.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail 3.9.270.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail 4.1.284.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail OCX VB6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v3.1.137 ActiveX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v3.10.277.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v3.10.277 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v3.3.168.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v3.4.200.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.4.214.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.9.270.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.9.275.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.9.275 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.9.277.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v3.9.277 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v4.0.283.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MAIL v4.0.283 by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v4.1.284.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-Mail v4.1.284 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.17.319.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.2.114.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.4.176.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.5.202.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.6.216.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.7.222.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.8.233.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML 3.9.257.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.4.169.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.5.202.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.272.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.272 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.272 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.277 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.279.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.279 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.279 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.288.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.288 All Registrations.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.288 Multilingual by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.290.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.290 All Registrations.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.290 Multilanguage.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.387.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.10.387 Multilingual by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.296.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.296 Multilanguage.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.296 Multilingual by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.298.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.298LINGUAl.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.298 Multilingual by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.11.298 MULTILINGUAl REGGED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.12.301.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.12.301 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.13.308-DiB.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.13.308.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.13.308 Regged by DiB.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.13.310.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.13.310 READNFO by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.14.314 by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.17.319.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.17.319 by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.18.320-ER8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.18.320 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.19.326 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.20.328 by BRD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.21.331-ER8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.4.150.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.4.172.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.5.200.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.5.213.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.6.215.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.6.216.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.241.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.245.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.245 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.247.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.248 by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.250.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.250 by EPS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.8.250 REGGED by LUCiD.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.9.252 by EPS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.9.253 by EPS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.9.263 Multilanguage by EPS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-ML v3.9.266 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 4.0.77.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 5.1.1.35.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 5.11.2.97.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 5.8.0.88.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.5.0.53.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v4.1.86.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.0.0.25.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.00.20.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.00.20 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.00.25.RC2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.00.29 Final.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.00.30.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.1.1.35 by DBZ.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.1.1.35 by Epsilon.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.1.3.40 by EPS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.11.2.97 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.12.0.100 by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.12.1.105 by EMBRACE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.5.0.53 by MP2K.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.5.0.53 Keygen by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.5.0.53 Serial by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.0.61 by FFF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.0.61 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.0.61 REPACK by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.1.75 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.1.75 Keygen Only-UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.6.1.75 Multilanguage by TBE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.7.0.81.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.7.0.81 All Registrations.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.7.0.81 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.7.1.82.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.7.1.82 Multilingual by ACME.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.8.0.88.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.8.0.88 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.8.0.89.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.0.89.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.0.89 Multilanguage by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.0.89 Multilanguage Regged by EiTheL.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.1.90.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.1.90 Multilanguage.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.9.1.90 Multilanguage by NiTROUS.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MP3 v5.x.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MX v1.0.8.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MX v1.1.11.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K-MX v1.1.11 by PH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K2000 Deluxe v1.10.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3ccdtools2ver 2.0.1.812 patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3ccdtools 2.0.1.810 crack by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3ccdtools 2.0.1.812 crack by tsrh.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3CCDTools 2 v2.0.1.812.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3CCDTools v2.0.1.812.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\K3CCDTools v2.0.1.812 by TSRH.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaan NoCD Patch by gimpsRus.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaan Trainer by FLTDOX.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam 2.2.4.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam 1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam 2.0.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v1.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.0.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.0.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.0.3.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KabCam v2.0.3 by FP.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.0.3 by UCF.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KabCam v2.0 Beta 6.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.1 Keygen.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.1 Patch.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.2.1.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\KABcam v2.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kabe JAP Unlocker by iND.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom 1.00.0017.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Cola 2.00a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom! Cola v1.30a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom 5.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Cola v1.10a PLUS 2 TRAINER by PiZZA.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Cola v1.30a.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Cola v1 20a Plus 2 Trainer-SEiZE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Cola v1 20a Plus 2 Trainer by SEiZE.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Contact Magic 2.0.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom Organizer 3.2.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom v1.00.0015.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom v1.00.0015 by DIGERATI.zip/setup.exe -> Trojan.Crypt.e : Cleaned with backup
C:\Program Files\Ares\My Shared Folder\Kaboom v1.00.0017 by ORiON.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaela v2005 Multilanguage by TBE.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kafe Kontrol v3.6.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kagayaki III Standard.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kagayaki IV 4.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kahli DeskMate v2.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kai Power Tools 6.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kai's Power Tools Goo 1.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kai's Power Tools 6.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kai's SuperGOO v1.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KaiJin Crack by FFF.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KaiJin Trainer by FFF.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaionesoft sprintdb pro printing 2.2 pocket pc.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaionesoft sprintdb pro printing 2.2 pocket pc by tsrh.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KaioneSoft SprintDB Pro Printing v2.2 for PocketPC.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kajima Reals 3D v2.030607.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KAJIMA REALS 3D V2.040426-Lz0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KakSoft Studio MPEG Splitter v1.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KakSoft Studio MPEG Splitter v1.0 by AGAiN.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kala Vedic Astrology Software.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KALA Vedic Astrology Software 2003.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KALA Vedic Astrology Software 2003 Silent Update.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaleidoscope 95.1.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaleidoscope 95.1 by EViDENCE.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaleidoscope 95.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kaleidoscope v3.11 v95.1.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\KaleidoScreen.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalendar 2.0.6 build 55.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalender 2.04.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalender 2.04r2b36.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalender v2.04.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalender v2.04r2b36.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalender v2.6 German.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalimages v1.0.1.0.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalimages v1.0.13.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalimages v1.0.13 by TBE.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning
C:\Program Files\Ares\My Shared Folder\Kalimages v1.0.14.zip/setup.exe -> Trojan.Crypt.e : Error during cleaning

#6 burnddrumma

Posted 30 July 2005 - 04:08 PM

oops haha well the ewido log goes on, but here's the HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 1:55:26 PM, on 7/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTSvcCDA.EXE
D:\Ian\security suite\ewidoctrl.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\QuickTime\qttask.exe
D:\Program Files\iTunesHelper.exe
C:\WINDOWS\System32\secserv.exe
D:\Ian\aim95\aim.exe
C:\WINDOWS\System32\secserv.exe
C:\Program Files\iPod\iPod Update 2004-04-28\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ian Query\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red%20robin/
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - c:\winnt\temp\itkxkjmdmjq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar1.dll
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunesHelper.exe"
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - HKCU\..\Run: [AIM] D:\Ian\aim95\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: AimTalk 2.0.2003.lnk = D:\Ian\aim95\Aimtalk.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Ian\aim95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Dell Home - {0D675380-AF56-11D3-9FF7-F02B4FC10000} - http://www.dell.com/ (file missing) (HKCU)
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - D:\Ian\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\iPod Update 2004-04-28\bin\iPodService.exe

thank you so much for all the help

#7 groovicus

Posted 30 July 2005 - 04:17 PM

Kazaa has legitimate uses also, but you don't dare use it without protection in place.

Anyway, there is still a bunch there. Make sure your browser is closed when making the fixes, or they will not stick...

Boot into safe mode (tap f8) during the boot process:

Fix the following with HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red%20robin/
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.am
O1 - Hosts: 66.180.173.39 www.google.as
O1 - Hosts: 66.180.173.39 www.google.at
O1 - Hosts: 66.180.173.39 www.google.az
O1 - Hosts: 66.180.173.39 www.google.be
O1 - Hosts: 66.180.173.39 www.google.bi
O1 - Hosts: 66.180.173.39 www.google.ca
O1 - Hosts: 66.180.173.39 www.google.cd
O1 - Hosts: 66.180.173.39 www.google.cg
O1 - Hosts: 66.180.173.39 www.google.ch
O1 - Hosts: 66.180.173.39 www.google.ci
O1 - Hosts: 66.180.173.39 www.google.cl
O1 - Hosts: 66.180.173.39 www.google.co.cr
O1 - Hosts: 66.180.173.39 www.google.co.hu
O1 - Hosts: 66.180.173.39 www.google.co.il
O1 - Hosts: 66.180.173.39 www.google.co.in
O1 - Hosts: 66.180.173.39 www.google.co.je
O1 - Hosts: 66.180.173.39 www.google.co.jp
O1 - Hosts: 66.180.173.39 www.google.co.ke
O1 - Hosts: 66.180.173.39 www.google.co.kr
O1 - Hosts: 66.180.173.39 www.google.co.ls
O1 - Hosts: 66.180.173.39 www.google.co.nz
O1 - Hosts: 66.180.173.39 www.google.co.th
O1 - Hosts: 66.180.173.39 www.google.co.ug
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 66.180.173.39 www.google.co.ve
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.com.ag
O1 - Hosts: 66.180.173.39 www.google.com.ar
O1 - Hosts: 66.180.173.39 www.google.com.au
O1 - Hosts: 66.180.173.39 www.google.com.br
O1 - Hosts: 66.180.173.39 www.google.com.co
O1 - Hosts: 66.180.173.39 www.google.com.cu
O1 - Hosts: 66.180.173.39 www.google.com.do
O1 - Hosts: 66.180.173.39 www.google.com.ec
O1 - Hosts: 66.180.173.39 www.google.com.fj
O1 - Hosts: 66.180.173.39 www.google.com.gi
O1 - Hosts: 66.180.173.39 www.google.com.gr
O1 - Hosts: 66.180.173.39 www.google.com.gt
O1 - Hosts: 66.180.173.39 www.google.com.hk
O1 - Hosts: 66.180.173.39 www.google.com.ly
O1 - Hosts: 66.180.173.39 www.google.com.mt
O1 - Hosts: 66.180.173.39 www.google.com.mx
O1 - Hosts: 66.180.173.39 www.google.com.my
O1 - Hosts: 66.180.173.39 www.google.com.na
O1 - Hosts: 66.180.173.39 www.google.com.nf
O1 - Hosts: 66.180.173.39 www.google.com.ni
O1 - Hosts: 66.180.173.39 www.google.com.np
O1 - Hosts: 66.180.173.39 www.google.com.pa
O1 - Hosts: 66.180.173.39 www.google.com.pe
O1 - Hosts: 66.180.173.39 www.google.com.ph
O1 - Hosts: 66.180.173.39 www.google.com.pk
O1 - Hosts: 66.180.173.39 www.google.com.pr
O1 - Hosts: 66.180.173.39 www.google.com.py
O1 - Hosts: 66.180.173.39 www.google.com.sa
O1 - Hosts: 66.180.173.39 www.google.com.sg
O1 - Hosts: 66.180.173.39 www.google.com.sv
O1 - Hosts: 66.180.173.39 www.google.com.tr
O1 - Hosts: 66.180.173.39 www.google.com.tw
O1 - Hosts: 66.180.173.39 www.google.com.ua
O1 - Hosts: 66.180.173.39 www.google.com.uy
O1 - Hosts: 66.180.173.39 www.google.com.vc
O1 - Hosts: 66.180.173.39 www.google.com.vn
O1 - Hosts: 66.180.173.39 www.google.de
O1 - Hosts: 66.180.173.39 www.google.dj
O1 - Hosts: 66.180.173.39 www.google.dk
O1 - Hosts: 66.180.173.39 www.google.es
O1 - Hosts: 66.180.173.39 www.google.fi
O1 - Hosts: 66.180.173.39 www.google.fm
O1 - Hosts: 66.180.173.39 www.google.fr
O1 - Hosts: 66.180.173.39 www.google.gg
O1 - Hosts: 66.180.173.39 www.google.gl
O1 - Hosts: 66.180.173.39 www.google.gm
O1 - Hosts: 66.180.173.39 www.google.hn
O1 - Hosts: 66.180.173.39 www.google.ie
O1 - Hosts: 66.180.173.39 www.google.it
O1 - Hosts: 66.180.173.39 www.google.kz
O1 - Hosts: 66.180.173.39 www.google.li
O1 - Hosts: 66.180.173.39 www.google.lt
O1 - Hosts: 66.180.173.39 www.google.lu
O1 - Hosts: 66.180.173.39 www.google.lv
O1 - Hosts: 66.180.173.39 www.google.mn
O1 - Hosts: 66.180.173.39 www.google.ms
O1 - Hosts: 66.180.173.39 www.google.mu
O1 - Hosts: 66.180.173.39 www.google.mw
O1 - Hosts: 66.180.173.39 www.google.nl
O1 - Hosts: 66.180.173.39 www.google.no
O1 - Hosts: 66.180.173.39 www.google.off.ai
O1 - Hosts: 66.180.173.39 www.google.pl
O1 - Hosts: 66.180.173.39 www.google.pn
O1 - Hosts: 66.180.173.39 www.google.pt
O1 - Hosts: 66.180.173.39 www.google.ro
O1 - Hosts: 66.180.173.39 www.google.ru
O1 - Hosts: 66.180.173.39 www.google.rw
O1 - Hosts: 66.180.173.39 www.google.se
O1 - Hosts: 66.180.173.39 www.google.sh
O1 - Hosts: 66.180.173.39 www.google.sk
O1 - Hosts: 66.180.173.39 www.google.sm
O1 - Hosts: 66.180.173.39 www.google.td
O1 - Hosts: 66.180.173.39 www.google.tm
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - c:\winnt\temp\itkxkjmdmjq.dll (file missing)
O2 - BHO: PEDEV_IEListener Class - {E1412445-4FF8-410e-8D24-F2CF86B171A4} - C:\Program Files\PeDevice\PeDev.dll (file missing)
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [secserv.exe] C:\WINDOWS\System32\secserv.exe
O4 - HKLM\..\Run: [C:\WINDOWS\VCMnet11.exe] C:\WINDOWS\VCMnet11.exe
O4 - Startup: PowerReg Scheduler.exe
O4 - Startup: PowerReg Scheduler V3.exe

While still in safe mode, run Ewido again, and then reboot and post a fresh HJT log. :thumbsup:
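The two patterns that dominate the fix list above (many O1 Hosts lines forcing one site's country domains to a single address, and O2/O3 registrations whose file is gone) can be picked out of a HijackThis log mechanically. The following is an added example, not part of the original thread or of HijackThis; the function names, the `min_names` threshold and the "brand" heuristic are assumptions, and the sample log is constructed from a few lines in the format quoted above.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the HijackThis v1.99.1 line format quoted in the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://red%20robin/
O1 - Hosts: 66.180.173.39 www.google.ae
O1 - Hosts: 66.180.173.39 www.google.com
O1 - Hosts: 66.180.173.39 www.google.co.uk
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5483427F-93B8-1470-5A89-E6B56484CDB2} - c:\winnt\temp\itkxkjmdmjq.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")
ORPHAN_MARKERS = ("(file missing)", "(no file)")


def parse_entries(log_text):
    """Return (section code, body) for every 'Xn - ...' line; headers are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def hosts_redirects(entries):
    """Group O1 hostnames by target IP, ignoring loopback/unspecified block entries."""
    by_ip = defaultdict(list)
    for code, body in entries:
        m = HOSTS_RE.match(body) if code == "O1" else None
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("ip"))
        except ValueError:
            continue  # malformed address field: not a usable redirect
        if ip.is_loopback or ip.is_unspecified:
            continue  # 127.0.0.1 / 0.0.0.0 lines block a name, they do not redirect it
        by_ip[str(ip)].append(m.group("name").lower())
    return dict(by_ip)


def brand_label(hostname):
    """Heuristic (assumption): first label after an optional 'www.' names the site."""
    name = hostname[4:] if hostname.startswith("www.") else hostname
    return name.split(".")[0]


def triage(log_text, min_names=3):
    """Return (section, message) findings for bulk redirects and orphaned IE add-ons."""
    entries = parse_entries(log_text)
    findings = []
    for ip, names in sorted(hosts_redirects(entries).items()):
        if len(names) >= min_names:
            brands = ", ".join(sorted({brand_label(n) for n in names}))
            findings.append(("O1", f"{len(names)} hostnames ({brands}) forced to {ip}"))
    for code, body in entries:
        if code in ("O2", "O3") and any(mark in body for mark in ORPHAN_MARKERS):
            findings.append((code, "registration points at a missing file: " + body))
    return findings


if __name__ == "__main__":
    for section, message in triage(SAMPLE_LOG):
        print(section, message)
```

The output is a shortlist for a human reviewer; it does not decide which entries are safe to fix.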



