w32.alcra.f



#1 pupabella (Member, 17 posts)
Hi, and thank you for your warm welcome.
Can someone help me by walking me through how to remove this w32.alcra.f virus from my laptop?
I have done a system scan with Norton Corporate Edition, and it came up with over 1,600 files of this
virus. Norton had put them in quarantine, but when I tried to delete them there was no success.
I got this virus two days ago, through a shareware program called LimeWire. All music downloads went swell,
but when I tried to download a game called Canasta and unzipped the file, that's where all the trouble
started. For now I have uninstalled LimeWire, hoping that I am in control of my laptop, and not LimeWire
by just opening its program on its own.
Here is my HJT report, after the complete script execution with BFU, and hoping that someone can walk me through this. Thanking you in advance,
pupabella

Logfile of HijackThis v1.99.1
Scan saved at 11:33:02 PM, on 12/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: RXResultTracker Class - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - C:\Program Files\RXToolBar\sfcont.dll (file missing)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - C:\Program Files\RXToolBar\sfcont.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

Edited by pupabella, 03 December 2006 - 10:40 PM.




#2 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
If they are in quarantine they can't harm you. Please download SUPERAntiSpyware Home Edition (free version):
  • Install it and double-click the icon on your desktop to run it.
  • It will ask if you want to update the program definitions, click Yes.
  • Under Configuration and Preferences, click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked:
    • Close browsers before scanning
    • Scan for tracking cookies
    • Terminate memory threats before quarantining.
    • Please leave the others unchecked.
    • Click the Close button to leave the control center screen.
  • On the main screen, under Scan for Harmful Software click Scan your computer.
  • On the left check C:\Fixed Drive.
  • On the right, under Complete Scan, choose Perform Complete Scan.
  • Click Next to start the scan. Please be patient while it scans your computer.
  • After the scan is complete a summary box will appear. Click OK.
  • Make sure everything in the white box has a check next to it, then click Next.
  • It will quarantine what it found and if it asks if you want to reboot, click Yes.
  • To retrieve the removal information for me, please do the following:
    • After reboot, double-click the SUPERAntispyware icon on your desktop.
    • Click Preferences. Click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • It will open in your default text editor (such as Notepad/Wordpad).
    • Please highlight everything in the notepad, then right-click and choose copy.
  • Click close and close again to exit the program.
  • Please paste that information here for me with a new HijackThis log.


#3 pupabella (Topic Starter, Member, 17 posts)
Good morning Daemon, thank you for helping me out.
Here is the SUPERAntiSpyware scan log.
In addition, just if you'd like to make a note: when I open my Corporate Edition of Norton it takes a long time to open (the laptop makes a ticking sound) until the program is open,
and if I go into the quarantine folder, the program does not respond, and I have to end the program.

SUPERAntiSpyware Scan Log
Generated 12/04/2006 at 08:49 AM

Application Version : 3.3.1020

Core Rules Database Version : 3141
Trace Rules Database Version: 1157

Scan type : Complete Scan
Total Scan Time : 00:10:06

Memory items scanned : 410
Memory threats detected : 0
Registry items scanned : 5941
Registry threats detected : 52
File items scanned : 29
File threats detected : 79

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\[email protected][1].txt
(71 tracking-cookie files listed in total; the user@domain part of every file name was replaced by "[email protected]" by the site's e-mail obfuscation, so the cookie domains are not recoverable from this copy.)

BHObj Class BHO
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\InprocServer32#ThreadingModel
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\ProgID
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\Programmable
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\TypeLib
HKCR\CLSID\{8F4E5661-F99E-4B3E-8D85-0EA71C0748E4}\VersionIndependentProgID

Adware.RX Toolbar
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\InprocServer32#ThreadingModel
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\ProgID
HKCR\CLSID\{59879FA4-4790-461C-A1CC-4EC4DE4CA483}\VersionIndependentProgID

Unclassified.Unknown Origin
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\InprocServer32#ThreadingModel
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\KeyPhrasesFileName
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\ProgID
HKCR\CLSID\{2AB289AE-4B90-4281-B2AE-1F4BB034B647}\VersionIndependentProgID

Adware.MyWay
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\0\win32
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\FLAGS
HKCR\TypeLib\{0494D0D0-F8E0-41AD-92A3-14154ECE70AC}\1.0\HELPDIR
HKLM\Software\MyWay
HKLM\Software\MyWay\myBar
HKLM\Software\MyWay\myBar#Dir
HKLM\Software\MyWay\myBar#ShzmCurInstall
HKLM\Software\MyWay\myBar#pid
HKLM\Software\MyWay\myBar#strings
HKLM\Software\MyWay\myBar#CurInstall
HKLM\Software\MyWay\myBar#sr
HKLM\Software\MyWay\myBar#pl
HKLM\Software\MyWay\myBar#Id
HKLM\Software\MyWay\myBar#Build
HKLM\Software\MyWay\myBar#CacheDir
HKLM\Software\MyWay\myBar#HistoryDir
HKLM\Software\MyWay\myBar#Visible
HKLM\Software\MyWay\myBar#SettingsDir
HKLM\Software\MyWay\myBar#ConfigRevision
HKLM\Software\MyWay\myBar#ConfigRevisionURL
HKLM\Software\MyWay\myBar#ConfigDateStamp
HKLM\Software\MyWay\myBar#Maximized
HKLM\Software\MyWay\myBar\partner
HKLM\Software\MyWay\myBar\partner#bitmap
HKLM\Software\MyWay\myBar\partner#name
HKLM\Software\MyWay\myBar\partner#test
HKLM\Software\MyWay\myBar\partner#PM-Home
HKLM\Software\MyWay\myBar\partner#PM-Points
HKLM\Software\MyWay\myBar\partner#PM-Redeem
HKLM\Software\MyWay\myBar\partner#PM-Wallet
HKLM\Software\MyWay\myBar\partner#PM-Settings
C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
C:\Program Files\MyWay\myBar\1.bin
C:\Program Files\MyWay\myBar\History\search
C:\Program Files\MyWay\myBar\History
C:\Program Files\MyWay\myBar\Settings\prevcfg.htm
C:\Program Files\MyWay\myBar\Settings
C:\Program Files\MyWay\myBar
C:\Program Files\MyWay


And the HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 9:04:42 AM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE

#4 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
Make sure that you have no browser windows open, as this could prevent the fix from working properly. Open HijackThis, scan, and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

O2 - BHO: (no name) - {59879FA4-4790-461c-A1CC-4EC4DE4CA483} - (no file)
O18 - Filter: text/html - {2AB289AE-4B90-4281-B2AE-1F4BB034B647} - (no file)


Exit HijackThis when done. Reboot, rescan with HijackThis and post a new log here.

#5 pupabella (Topic Starter, Member, 17 posts)
Hi Daemon, how are you?
Here is the new HJT log, and again thank you for your time and effort in walking me through all this.

Logfile of HijackThis v1.99.1
Scan saved at 5:39:15 PM, on 12/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\hijackthis\HijackThis.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [QCTRAY] C:\Program Files\ThinkPad\ConnectUtilities\QCTRAY.EXE
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [TPTRAY] C:\PROGRA~1\ThinkPad\UTILIT~1\TP98TRAY.EXE
O4 - HKLM\..\Run: [TPKMAPMN] C:\Program Files\ThinkPad\Utilities\TpKmapMn.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [NPDTray] C:\PROGRA~1\ThinkPad\UTILIT~1\NPDTray.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [IBM Warranty Notification] "C:\Program Files\IBM\acp\ERTS0749\ERTS0749.exe /nointro"
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\Icq\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
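
A way to pre-screen a HijackThis log like the one above for the entries that deserve a second look, as an added example in Python (not code from the thread and not part of HijackThis itself). It applies four rules: any entry marked (file missing); O4 Run entries that give a bare filename instead of a full path (Windows resolves those through the search path, so a planted copy that sits earlier in the path would win); O23 services whose owner is "Unknown owner" and whose binary lives under \WINDOWS\system32; and O16 ActiveX downloads from a bare IP address. The sample lines are copied from the log above; the rule names and the Finding type are this example's own. "Unknown owner" usually only means the binary carries no version information, so a hit is a prompt to identify the file (vendor, hash), not a verdict. In this thread the one such service it flags, PLSRemote.exe, is the file AVG Anti-Spyware later classified as a remote-admin tool.

```python
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above,
# limited to the entry types the triage rules below look at.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [StorageGuard] "c:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {1A781DED-C22D-4153-3213-A3211E29DF13} (GameDesire Card Games) - http://67.15.101.3/g...ds_2_0_0_71.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: PLSRemote Service (PLSRemoteSvc) - Unknown owner - C:\WINDOWS\SYSTEM32\PLSRemote.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
"""

# Line shapes as HijackThis 1.99 prints them (hypothetical names for the groups).
O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{[^}]+\} \((?P<desc>[^)]*)\) - (?P<url>\S+)$")
BARE_IP_URL_RE = re.compile(r"^https?://\d{1,3}(?:\.\d{1,3}){3}(?::\d+)?/")
SYSTEM32_RE = re.compile(r"\\windows\\system32\\", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    rule: str   # which triage rule fired (names are this example's own)
    line: str   # the log line that triggered it


def triage(log_text: str) -> list[Finding]:
    """Return every (rule, line) pair that merits a manual look."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Rule 1: the registry still points at a file that is gone.
        if "(file missing)" in line:
            findings.append(Finding("orphaned-entry", line))
        # Rule 2: Run value with no directory, resolved via the search path.
        m = O4_RE.match(line)
        if m and "\\" not in m.group("target"):
            findings.append(Finding("bare-filename-run-entry", line))
        # Rule 3: service with no vendor string whose binary sits in system32.
        m = O23_RE.match(line)
        if m and m.group("owner").lower() == "unknown owner" \
                and SYSTEM32_RE.search(m.group("path")):
            findings.append(Finding("unknown-owner-service-in-system32", line))
        # Rule 4: ActiveX control pulled from a bare IP rather than a hostname.
        m = O16_RE.match(line)
        if m and BARE_IP_URL_RE.match(m.group("url")):
            findings.append(Finding("activex-from-bare-ip", line))
    return findings


def summarize(findings: list[Finding]) -> Counter:
    """Count findings per rule."""
    return Counter(f.rule for f in findings)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample it reports seven findings: two orphaned entries (WeatherBug, msnim), two bare-filename Run values (S3Tray2.exe, AGRSMMSG.exe), two unknown-owner services in system32 (PLSRemote.exe, QCONSVC.EXE) and one ActiveX download from a bare IP. The Symantec and Synaptics entries pass untouched, which is the point: the rules narrow the list, the human still decides.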

#6 pupabella (Member, Topic Starter, 17 posts)
Daemon, it still takes quite some time to open my Norton AntiVirus Corporate Edition. As soon as I click on it to open it (either the system tray icon or the desktop icon), my laptop starts making a lot of ticking noises, and after a good three minutes it opens.
Before having caught this virus, it used to open immediately. Like I stated at the very start of my log, when I did a system scan about two or three days ago, it quarantined about 1,600 files with the name W32.Alcra.F.
Thanks again.

#7 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
I'm good, thanks. Your log looks OK - let's dig a little deeper to see if anything is lurking. Download and save BlackLight to your desktop. Double-click blbeta.exe, accept the agreement, click Scan > Next.

You'll see a list of all the items it found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (where xxxxxxx represents numbers). The application finds both bad files and legitimate ones. Copy and paste the log it generated in your next reply.

We should get a second opinion also - click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report.

#8 pupabella (Member, Topic Starter, 17 posts)
Hi Daemon,
here is the fsbl.xxxxxxx.log:

12/04/06 18:20:02 [Info]: BlackLight Engine 1.0.47 initialized
12/04/06 18:20:02 [Info]: OS: 5.1 build 2600 (Service Pack 2)
12/04/06 18:20:02 [Note]: 7019 4
12/04/06 18:20:02 [Note]: 7005 0
12/04/06 18:20:03 [Note]: 7006 0
12/04/06 18:20:03 [Note]: 7011 1384
12/04/06 18:20:03 [Note]: 7026 0
12/04/06 18:20:04 [Note]: 7026 0
12/04/06 18:20:32 [Note]: FSRAW library version 1.7.1020
12/04/06 18:35:46 [Note]: 7007 0

#9 pupabella (Member, Topic Starter, 17 posts)
Daemon, I've been trying to reply with the Panda scan, and it's telling me that there are too many letters and I have to cut down the message. How can I put it in here for you as an attachment?

#10 pupabella (Member, Topic Starter, 17 posts)
I attached the ActiveScan report from the Panda scan.
It was unbelievable seeing that it had:
  • 5,719 viruses detected and disinfected
  • spyware: 52
  • hacking tools and rootkits: 5
  • dialers: 3
  • suspicious files detected: 1

#11 pupabella (Member, Topic Starter, 17 posts)
Panda scan report

#12 pupabella (Member, Topic Starter, 17 posts)
Hi Daemon, I am sorry but I am not really sure if I am doing this OK; if not, please let me know.
Please forgive me for the prior extra messages.
Thanks again.

Edited by pupabella, 04 December 2006 - 09:10 PM.


#13 Daemon (Security Expert, Retired Staff, MVP, 4,356 posts)
OK, I want you to run another application. Download AVG Anti-Spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
    IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning; it may interfere with the scanning process.
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode.
Post the results of the AVG Anti-Spyware scan report together with a new HijackThis log.

Also, repeat the Panda scan - hopefully it will be a lot shorter now.

#14 pupabella (Member, Topic Starter, 17 posts)
Good morning Daemon, how are you? Hope all is well.
Again and again, thank you for your guidance and help.
Looks like the light is starting to shine at the end of this tunnel.

Here is the scan report from AVG Anti-Spyware:

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:22:02 AM 12/5/2006

+ Scan result:



C:\Program Files\Altnet -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\emalware.ivd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\plugins.cab.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\update.txt.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP366\A0030239.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030317.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030321.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030325.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030326.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030327.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030329.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030330.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030331.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030332.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030334.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032721.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032725.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032729.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032730.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032731.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032733.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032734.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032735.dll -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032736.exe -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032738.dll -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Adware.Aws : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP366\A0030243.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030319.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032723.dll -> Adware.BrilliantDigital : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP335\A0029362.exe -> Adware.Comet : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK -> Adware.Gator : Cleaned with backup (quarantined).
C:\Program Files\INSTAFINK\instafink.dll -> Adware.Gator : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030349.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP368\A0030361.dll -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032740.DLL -> Adware.IESearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032770.dll -> Adware.IESearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\PerfectNav -> Adware.KeenValue : Cleaned with backup (quarantined).
C:\Program Files\AWS\WeatherBug\Install\MiniBug.exe -> Adware.Minibug : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj.1 -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CLSID -> Adware.MoneyTree : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\DyFuCA_BH.SinkObj\CurVer -> Adware.MoneyTree : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP365\A0030198.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP365\A0030199.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP365\A0030200.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030259.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030261.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030262.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032665.cpl -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032668.exe -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032696.DLL -> Adware.P2PNet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP365\A0030229.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP370\A0030417.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP401\A0032695.dll -> Adware.RXToolbar : Cleaned with backup (quarantined).
HKU\S-1-5-21-4083276972-193412932-3430892138-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP410\A0034018.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Comsoft -> Dialer.Generic : Cleaned with backup (quarantined).
HKLM\SOFTWARE\WindowsRTS -> Dialer.Generic : Cleaned with backup (quarantined).
HKU\S-1-5-21-4083276972-193412932-3430892138-1004\Software\Comsoft -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\wsem215.dll -> Downloader.Dyfuca.do : Cleaned with backup (quarantined).
C:\WINDOWS\wsem214.dll -> Downloader.Dyfuca.dr : Cleaned with backup (quarantined).
C:\WINDOWS\nem213.dll -> Downloader.Dyfuca.k : Cleaned with backup (quarantined).
C:\WINDOWS\wsem216.dll -> Downloader.Dyfuca.z : Cleaned with backup (quarantined).
C:\WINDOWS\system32\PLSRemote.exe -> Not-A-Virus.RemoteAdmin.Win32.PLSRemot : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.11:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.16:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.17:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.6:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.8:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.9:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Addynamix : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.16:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.23:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.24:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.12:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.31:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.57:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Com : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.21:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.23:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Euroclick : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.41:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.58:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][3].txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.29:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.30:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Need2find : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.53:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\User\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.20:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.20:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.21:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.22:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.27:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.28:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Trafficmp : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Valueclick : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.54:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.55:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.56:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\gjgviard.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP410\A0034019.exe -> Worm.VB.dw : Cleaned with backup (quarantined).


::Report end
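
A small parser for the report format above, as an added example in Python (not AVG's code and not from the thread), that groups each detection by family and by where it was found: a live file, a registry key, a browser cookie, or a System Restore snapshot under System Volume Information\_restore. The sample lines are taken from the posted report (the IE cookie file name is a placeholder); the location labels and function names are this example's own. The point it brings out: Backdoor.Rbot and Worm.VB.dw appear only inside restore point RP410, so although nothing of them is live, a rollback to that snapshot would bring them back.

```python
from __future__ import annotations

from collections import Counter, defaultdict
from dataclasses import dataclass

# Constructed sample: a subset of the AVG Anti-Spyware report lines posted
# above, in the same "path -> family : action." shape.
SAMPLE_REPORT = r"""
C:\Program Files\Altnet\My Altnet Shares\Bullguard Protection\cran.cvd.cab -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP367\A0030317.exe -> Adware.Altnet : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP410\A0034018.exe -> Backdoor.Rbot : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Comsoft -> Dialer.Generic : Cleaned with backup (quarantined).
C:\WINDOWS\wsem215.dll -> Downloader.Dyfuca.do : Cleaned with backup (quarantined).
C:\WINDOWS\system32\PLSRemote.exe -> Not-A-Virus.RemoteAdmin.Win32.PLSRemot : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\User\Application Data\Netscape\NSB\Profiles\q0icktgn\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\User\Cookies\user@example[1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\System Volume Information\_restore{14157744-4FA2-4CAF-BAFB-72CC49941087}\RP410\A0034019.exe -> Worm.VB.dw : Cleaned with backup (quarantined).
"""

RESTORE_PREFIX = r"c:\system volume information\_restore"
REGISTRY_PREFIXES = ("hklm\\", "hkcu\\", "hku\\", "hkcr\\")


@dataclass(frozen=True)
class Detection:
    path: str
    family: str
    action: str
    location: str  # "live" | "registry" | "cookie" | "restore-point"


def classify_location(path: str) -> str:
    """Where the detection sits; labels are this example's own."""
    p = path.lower()
    # Mozilla cookie hits carry a ":mozilla.N:" prefix; IE cookies live in \Cookies\.
    if p.startswith(":mozilla.") or "\\cookies\\" in p:
        return "cookie"
    if p.startswith(REGISTRY_PREFIXES):
        return "registry"
    if p.startswith(RESTORE_PREFIX):
        return "restore-point"
    return "live"


def parse_report(text: str) -> list[Detection]:
    """Parse 'path -> family : action.' lines; anything else is skipped."""
    detections: list[Detection] = []
    for raw in text.splitlines():
        line = raw.strip()
        if " -> " not in line or " : " not in line:
            continue
        path, rest = line.rsplit(" -> ", 1)
        family, action = rest.split(" : ", 1)
        detections.append(Detection(path, family.strip(), action.rstrip("."),
                                    classify_location(path)))
    return detections


def summarize(detections: list[Detection]) -> dict[str, Counter]:
    """family -> Counter of locations."""
    summary: dict[str, Counter] = defaultdict(Counter)
    for d in detections:
        summary[d.family][d.location] += 1
    return dict(summary)


def live_families(detections: list[Detection]) -> list[str]:
    """Families with at least one hit on the running system (file or registry)."""
    return sorted({d.family for d in detections if d.location in ("live", "registry")})


def restore_point_only(detections: list[Detection]) -> list[str]:
    """Families seen ONLY inside System Restore snapshots."""
    summary = summarize(detections)
    return sorted(f for f, c in summary.items() if c["restore-point"] == sum(c.values()))


if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for family, counts in sorted(summarize(found).items()):
        print(f"{family}: {dict(counts)}")
    print("live:", live_families(found))
    print("restore-point only:", restore_point_only(found))
```

Families that show up only under a restore point were not running, but the copies are still on disk and come back with a rollback; the usual follow-up once the machine is clean is to flush System Restore (on XP, turning it off and back on drops every restore point), then create a fresh point. That follow-up is general practice, not a step the thread itself gives.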

#15 pupabella (Member, Topic Starter, 17 posts)
Here is the activescan.txt from the Panda scan:


Incident Status Location

Adware:adware/cydoor Not disinfected C:\WINDOWS\system32\cd_clint.dll
Dialer:dialer.cge Not disinfected c:\windows\system32\wininetd.exe
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Adware:adware/windowenhancer Not disinfected c:\windows\system32\SBUtils
Potentially unwanted tool:application/need2find Not disinfected c:\program files\Need2Find
Adware:adware/gator Not disinfected c:\documents and settings\all users\start menu\programs\GAIN Publishing
Spyware:spyware/dluca Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{B7156514-A76C-4545-9D5B-A4E1D02C7AEC}
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/rxtoolbar Not disinfected Windows Registry
Dialer:dialer.yc Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\shareddlls\c:\windows\downloaded program files\unidist.ocx
Adware:adware/instafinder Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_CLASSES_ROOT\Interface\{0494D0D4-F8E0-41AD-92A3-14154ECE70AC}
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\pupabella\Cookies\[email protected][1].txt
Spyware:Cookie/bravenetA Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\User\Cookies\[email protected][1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\User\Cookies\[email protected][2].txt
Possible Virus. Not disinfected C:\Program Files\Netscape\Netscape Browser\components\msgMapi.dll
Potentially unwanted tool:Application/Need2Find Not disinfected C:\Program Files\Netscape\Netscape Browser\plugins\NPNd2fn.dll
Dialer:Dialer.Gen Not disinfected C:\WINDOWS\system32\HornyCam_il-uninstall.exe