Alcan Worm - Geeks to Go Forums

Jump to content

Log in Register Register Malware removal guide How it works

Alcan Worm Ran the Script

#1 jduke367

  • Group: Member
  • Posts: 3
  • Joined: 22-December 06

Posted 22 December 2006 - 02:05 PM

Logfile of HijackThis v1.99.1
Scan saved at 2:02:02 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Jeremy\LOCALS~1\Temp\clclean.0001
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\IGN\Download Manager\DLM.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\bfu\BFU.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GameXL] "C:\Program Files\Game Accelerator\gamexl.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166768997609
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

#2 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 22 December 2006 - 05:37 PM

Hi jduke367

Welcome to GTG! :whistling:

* Download the free version of AVG Anti-Spyware 7.5 here.
  • Click on the "Download Now" button and save the setup file to your desktop.
  • Doubleclick on the avgas-setup file to begin the installation.
  • When the installation is complete, open AVG Anti-Spyware and update the definition files.
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.

  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

  • If you cannot download the updates, update manuallly according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.

* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.

* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the AVG Anti-Spyware scan.

#3 jduke367

  • Group: Member
  • Posts: 3
  • Joined: 22-December 06

Posted 22 December 2006 - 09:12 PM

Here is my New Hijack log.

Logfile of HijackThis v1.99.1
Scan saved at 9:07:00 PM, on 12/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\Rundll32.exe
C:\DOCUME~1\Jeremy\LOCALS~1\Temp\clclean.0001
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Hijackthis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [GameXL] "C:\Program Files\Game Accelerator\gamexl.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\IGN\Download Manager\DLM.exe /windowsstart /startifwork
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1166768997609
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

And Here is my AVG Log.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:55:46 PM 12/22/2006

+ Scan result:



C:\System Volume Information\_restore{D91CAB8F-C109-4F43-8F7E-B6BAA6B6AF74}\RP46\A0002669.exe -> Backdoor.Rbot : Cleaned.
C:\System Volume Information\_restore{D91CAB8F-C109-4F43-8F7E-B6BAA6B6AF74}\RP11\A0000909.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned.
:mozilla.110:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.111:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Jeremy\Cookies\jeremy@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.27:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.53:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.54:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.16:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.19:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.20:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.15:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.59:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Clickbank : Cleaned.
:mozilla.68:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.107:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.10:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.11:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.12:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.60:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.61:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.87:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.88:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.92:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.114:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.159:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.160:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.50:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.51:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.52:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.70:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.71:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.72:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.73:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.74:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.75:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.76:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.77:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.78:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.79:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.100:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.101:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.98:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.99:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.14:C:\Documents and Settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\645x5vx5.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{D91CAB8F-C109-4F43-8F7E-B6BAA6B6AF74}\RP46\A0002670.exe -> Worm.VB.dw : Cleaned.


::Report end

#4 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 22 December 2006 - 11:40 PM

* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
    • If you use Firefox:
      • Click Firefox at the top and choose: Select All
      • Click the Empty Selected button.
      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    • If you use Opera:
      • Click Opera at the top and choose: Select All
      • Click the Empty Selected button.

      • NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • Click Exit on the Main menu to close the program.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe

O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE


* Restart your computer


* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.

#5 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 02 January 2007 - 04:10 PM

Any progress here?

#6 jduke367

  • Group: Member
  • Posts: 3
  • Joined: 22-December 06

Posted 02 January 2007 - 10:26 PM

Hey, I tried to run that free scan online and its not letting me complete it. Do i have to pay for it or what?

#7 Flrman1

  • Group: Retired Staff
  • Posts: 6,596
  • Joined: 17-April 05

Posted 03 January 2007 - 01:00 PM

No, you don't have to pay for it. Ignore an requests to buy their software. Just save the log when it is complete and post the log here.

Share this topic:


Page 1 of 1