Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

spyware, trojans, tracking cookies, and other ... [RESOLVED]


  • This topic is locked This topic is locked

#1
Mikey's gal

Mikey's gal

    Member

  • Member
  • PipPip
  • 72 posts
Here are my log files for hijackthis and the uninstall manager and superantispyware log. I tried to get more logs but they were not available. (avast and housecall).
The trouble I am having is occasionally I here website sounds even when I don't have a browser open. My preferred browser is Firefox. I noticed in my logs that I still have IE. I thought I removed that from my system. ??? Microtrend housecall wanted to just keep doing scans over and over. Every time I did one they found more stuff. I know when I picked this virus stuff up ... I was googling the other day and tried to open a website and a download started and then my virus and spyware software went crazy alerting me. I started scanning to remove them but they attached somewhere because they are still in my system. My son did use limewire but I removed it today. This is his laptop. I am trying to tell you as much as I can. After I scanned the other day I defragmented and then did a system restore to last week sometime. That worked temporarily but I know the viruses are still in the system and would come back. I did the steps you encouraged me to do. I couldn't do panda online scan because the window would open but nothing would appear after I hit the "scan my pc" button.
I did have the biohazard screen appear once, but it is not appearing anymore. One more thing, Avast won't allow me to use the chest in safe mode. It says there is a RGP communication failure. Thanks for all your help.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:27:54 AM, on 3/18/2008
Platform: Windows XP SP2 (WinNT

5.01.2600)
MSIE: Internet Explorer v6.00 SP2

(6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4

\ashServ.exe
C:\Program Files\hpq\HP Wireless

Assistant\HP Wireless Assistant.exe
C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\avgas.exe
C:\Program

Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.

exe
C:\Program Files\Yahoo!\Yahoo! Music

Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1

\ymsgr_tray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSv

c.exe
C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec

Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4

\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4

\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla

Firefox\firefox.exe
C:\Program Files\Trend

Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet

Explorer\Main,Start Page =

http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Default_Page_URL =

http://ie.redirect.hp.com/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pr

esario&pf=laptop
R1 - HKLM\Software\Microsoft\Internet

Explorer\Main,Search Bar =

http://us.rd.yahoo.c...stomize/ie/defa

ults/sb/msgr8/*http://www.yahoo.com/ext/

search/search.html
R0 - HKLM\Software\Microsoft\Internet

Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet

Explorer\SearchURL,(Default) =

http://us.rd.yahoo.c...stomize/ie/defa

ults/su/msgr8/*http://www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-

4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper -

{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -

C:\Program Files\Common

Files\Adobe\Acrobat\ActiveX\AcroIEHelper

.dll
O2 - BHO: SSVHelper Class - {761497BB-

D6F0-462C-B6EB-D4DAF1D92D43} -

C:\Program Files\Java\jre1.5.0_06

\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant]

C:\Program Files\hpq\HP Wireless

Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio

Property Page Shortcut]

CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program

Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard]

C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder]

C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program

Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed

Launcher] "C:\Program Files\Adobe\Reader

8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection]

"C:\Program Files\Yahoo!\Search

Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [FCUR Agent]

C:\WINDOWS\system32\28463\FCUR.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1

\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor]

C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware]

"C:\Program Files\Grisoft\AVG Anti-

Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager]

~"C:\PROGRA~1\Yahoo!\MESSEN~1

\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SweetIM] C:\Program

Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [Windows update

loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware]

C:\Program

Files\SUPERAntiSpyware\SUPERAntiSpyware.

exe
O4 - .DEFAULT User Startup: Vongo

Tray.lnk = C:\Program

Files\Vongo\Tray.exe (User 'Default

user')
O4 - Global Startup: ymetray.lnk =

C:\Program Files\Yahoo!\Yahoo! Music

Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to

Microsoft Excel - res://C:\PROGRA~1

\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) -

{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -

C:\Program Files\Java\jre1.5.0_06

\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java

Console - {08B0E5C0-4FCB-11CF-AAA5-

00401C608501} - C:\Program

Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger -

{E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} -

C:\Program Files\Yahoo!

\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo!

Messenger - {E5D12C4E-7B4F-11D3-B5C9-

0050045C3C96} - C:\Program Files\Yahoo!

\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger -

{FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows

Messenger - {FB5F1910-F110-11d2-BB9E-

00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe
O14 - IERESET.INF:

START_PAGE_URL=http://ie.redirect.hp.com

/svs/rdr?

TYPE=3&tp=iehome&locale=EN_US&c=64&bd=pr

esario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-

fa1d4f56a2ab} (Installation Support) -

C:\Program Files\Yahoo!

\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon -

C:\Program

Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: KbdBoot - {7e4d90e6-ce3a-

4e8d-bc16-592ea01438cc} -

C:\WINDOWS\Installer\{7e4d90e6-ce3a-

4e8d-bc16-592ea01438cc}\KbdBoot.dll
O21 - SSODL: altvxvm - {93ACF0B8-2E42-

4B19-95EA-7A98BBC3954A} -

C:\WINDOWS\altvxvm.dll (file missing)
O21 - SSODL: BootUnknown - {9238daa6-

4f28-4187-b82b-2d081c6257d8} -

C:\WINDOWS\Installer\{9238daa6-4f28-

4187-b82b-2d081c6257d8}\BootUnknown.dll
O23 - Service: avast! iAVS4 Control

Service (aswUpdSv) - ALWIL Software -

C:\Program Files\Alwil Software\Avast4

\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate

Scheduler - Symantec Corporation -

C:\Program

Files\Symantec\LiveUpdate\ALUSchedulerSv

c.exe
O23 - Service: avast! Antivirus - ALWIL

Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner -

ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner -

ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard -

GRISOFT s.r.o. - C:\Program

Files\Grisoft\AVG Anti-Spyware 7.5

\guard.exe
O23 - Service: InstallDriver Table

Manager (IDriverT) - Macrovision

Corporation - C:\Program Files\Common

Files\InstallShield\Driver\11\Intel 32

\IDriverT.exe
O23 - Service: LiveUpdate - Symantec

Corporation - C:\PROGRA~1

\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC -

Unknown owner - C:\Program Files\Common

Files\Symantec Shared\CCPD-

LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) -

http://images.wikia....ncyclopedia/ima

ges/8/87/Alqitty.jpg
O24 - Desktop Component 1: (no name) -

http://images.jupite...es.com/common/d

etail/44/33/23473344.jpg
O24 - Desktop Component 2: (no name) -

http://www.hollyscoo.../BlogImages/724

00514---michael_jackson.jpg
O24 - Desktop Component 3: (no name) -

http://www.greenash....u/sites/default

/files/images/teletubbies-

happy.preview.png
O24 - Desktop Component 4: (no name) -

http://www.freequali...lpapers.com/./i

mages/bikini-girl-wallpapers/thumb-

blonde-red-white-lingerie-beach-girl.jpg
O24 - Desktop Component 5: (no name) -

http://www.pennfoster.com/images/main-

image-12.jpg

--
End of file - 7521 bytes







Adobe Flash Player 9 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player
ArcSoft VideoImpression 2
avast! Antivirus
AVG Anti-Spyware 7.5
Conexant HD Audio
Customer Experience Enhancement
DivX
Easy Internet Sign-up
ESPNMotion
HDAUDIO Soft Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB909095)
Hotfix for Windows XP (KB910728)
Hotfix for Windows XP (KB912436)
HP DVD Play 2.3
HP Help and Support
HP Imaging Device Functions 6.0
HP Photosmart Premier Software 6.0
HP Software Update
HP User Guides 0037
HP User Guides--System Recovery
HP Wireless Assistant 2.00 G2
Intel® Graphics Media Accelerator Driver
J2SE Runtime Environment 5.0 Update 6
LiveUpdate 3.0 (Symantec Corporation)
Macrogaming SweetIM 2.1
Macromedia Flash Player 8
Macromedia Shockwave Player
Microsoft .NET Framework 1.0 Hotfix (KB887998)
Microsoft .NET Framework 1.0 Hotfix (KB930494)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Works
Mozilla Firefox (2.0.0.12)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 5.0
NetWaiting
Office 2003 Trial Assistant
Otto
PC [email protected]
RealArcade
Rhapsody Player Engine
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB946026)
SmartAudio
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
SonicAC3Encoder
SonicMPEGEncoder
SUPERAntiSpyware Free Edition
Symantec KB-DocID:2003093015493306
Synaptics Pointing Device Driver
TourSetup
Update for Windows Media Player 10 (KB910393)
Update for Windows Media Player 10 (KB913800)
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB896727)
Update for Windows XP (KB911164)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Vongo
Watchtower Library 2005 - English Edition
Watchtower Library 2006 - English Edition
WildTangent Web Driver
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB890546
Windows XP Hotfix - KB891220
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
Windows XP Media Center Edition 2005 KB912067
Windows XP Media Center Edition 2005 KB915381
Wireless Home Network Setup
Yahoo! Messenger
Yahoo! Music Jukebox





UPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/17/2008 at 04:27 PM

Application Version : 4.0.1154

Core Rules Database Version : 3420
Trace Rules Database Version: 1412

Scan type : Complete Scan
Total Scan Time : 00:45:35

Memory items scanned : 427
Memory threats detected : 0
Registry items scanned : 5319
Registry threats detected : 3
File items scanned : 55148
File threats detected : 30

Adware.Tracking Cookie
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][3].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][2].txt
C:\Documents and Settings\User\Cookies\[email protected][1].txt

Trojan.Net-MSV/VPS
HKCR\MSVPS.MSVPSApp
HKCR\MSVPS.MSVPSApp\CLSID
HKCR\MSVPS.MSVPSApp\CurVer
  • 0

Advertisements


#2
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

The current formatting of your log makes it difficult to read, so in notepad:
On top, click Format >uncheck Word Wrap

Then, * Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply along with a fresh HijackThis log.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
  • 0

#3
Mikey's gal

Mikey's gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Thanks for the quick response. You guys are awesome!!!

Malwarebytes' Anti-Malware 1.08
Database version: 501

Scan type: Quick Scan
Objects scanned: 29226
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 4
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\Installer\{7e4d90e6-ce3a-4e8d-bc16-592ea01438cc}\KbdBoot.dll (Trojan.Alphabet) -> Unloaded module successfully.
C:\WINDOWS\Installer\{9238daa6-4f28-4187-b82b-2d081c6257d8}\BootUnknown.dll (Trojan.Alphabet) -> Unloaded module successfully.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7e4d90e6-ce3a-4e8d-bc16-592ea01438cc} (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9238daa6-4f28-4187-b82b-2d081c6257d8} (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\etlrlws.bmdr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VideoPlugin (Trojan.Fakealert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\KbdBoot (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\BootUnknown (Trojan.Alphabet) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\windows update loader (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\ADP (Rogue.Multiple) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\Installer\{7e4d90e6-ce3a-4e8d-bc16-592ea01438cc} (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\Installer\{9238daa6-4f28-4187-b82b-2d081c6257d8} (Trojan.Alphabet) -> Delete on reboot.

Files Infected:
C:\WINDOWS\Installer\{7e4d90e6-ce3a-4e8d-bc16-592ea01438cc}\KbdBoot.dll (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\Installer\{9238daa6-4f28-4187-b82b-2d081c6257d8}\BootUnknown.dll (Trojan.Alphabet) -> Delete on reboot.
C:\WINDOWS\rs.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Install (Rogue.Multiple) -> Quarantined and deleted successfully.




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:58 PM, on 3/18/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...o&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.c...//www.yahoo.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RecGuard] C:\Windows\SMINST\RecGuard.exe
O4 - HKLM\..\Run: [Reminder] C:\Windows\CREATOR\Remind_XP.exe
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [FCUR Agent] C:\WINDOWS\system32\28463\FCUR.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Monitor] C:\WINDOWS\PixArt\PAC207\Monitor.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] ~"C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SweetIM] C:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - .DEFAULT User Startup: Vongo Tray.lnk = C:\Program Files\Vongo\Tray.exe (User 'Default user')
O4 - Global Startup: ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=presario&pf=laptop
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: altvxvm - {93ACF0B8-2E42-4B19-95EA-7A98BBC3954A} - C:\WINDOWS\altvxvm.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O24 - Desktop Component 0: (no name) - http://images.wikia..../87/Alqitty.jpg
O24 - Desktop Component 1: (no name) - http://images.jupite...33/23473344.jpg
O24 - Desktop Component 2: (no name) - http://www.hollyscoo...ael_jackson.jpg
O24 - Desktop Component 3: (no name) - http://www.greenash....ppy.preview.png
O24 - Desktop Component 4: (no name) - http://www.freequali...-beach-girl.jpg
O24 - Desktop Component 5: (no name) - http://www.pennfoste...in-image-12.jpg

--
End of file - 7293 bytes
  • 0

#4
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Hi,

Much better.. :)


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O4 - HKLM\..\Run: [FCUR Agent] C:\WINDOWS\system32\28463\FCUR.exe
O21 - SSODL: altvxvm - {93ACF0B8-2E42-4B19-95EA-7A98BBC3954A} - C:\WINDOWS\altvxvm.dll (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Let me know in your next reply how things are now.
  • 0

#5
Mikey's gal

Mikey's gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Hi :)

Everything seems to be good.
  • 0

#6
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Good to hear :)

Please read my Prevention page with lots of info and tips how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!
  • 0

#7
Mikey's gal

Mikey's gal

    Member

  • Topic Starter
  • Member
  • PipPip
  • 72 posts
Thank you very much. I will send a donation for all your help.
:) :) :) :)
  • 0

#8
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
You're most welcome and glad I could help. :)
  • 0

#9
miekiemoes

miekiemoes

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 5,503 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP