
BookedSpace impossible to remove


  • This topic is locked
11 replies to this topic

#1 sandro della giustina

  • New Member
  • 7 posts

Posted 20 January 2006 - 04:41 AM

I have found this spyware with Spybot but it is unable to delete it:
HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{0019C3E2-DD48-4A6D-ABCD-8D32436323D9}
I have tried to delete it manually but I have crashed my Windows XP and I have recovered it with CD reinstallation and I still found this spyware. Ad-aware doesn't find it.
Then I have downloaded HijackThis and I hope to remove it with your help.
This is my log file:



Logfile of HijackThis v1.99.1
Scan saved at 11.07.26, on 20/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime Alternative\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Free Download Manager\fdm.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\magnify.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\CFS-Technologies\Speakonia\Speakonia.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\Computer\IMPOST~1\Temp\Rar$EX21.1547\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride =;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {6FCBEBA9-55A7-B157-FDD5-B73451C0EE16} - (no file)
O2 - BHO: (no name) - {2300A25A-CD2D-CBA8-E01E-A85AF0AE00C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D444A56C-D6E0-7A24-1108-2C44B78B91FE} - (no file)
O2 - BHO: (no name) - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - (no file)
O3 - Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINDOWS\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StocksAloud] C:\Programmi\StocksAloud\StocksAloud.exe -auto
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - Startup: HDDlife.lnk = C:\Programmi\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Magnify.lnk = C:\WINDOWS\system32\magnify.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programmi\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Umail - {32B9061D-C507-4C6B-8E10-1994D57F58BA} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Programmi\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O9 - Extra button: Alice - {D95E75AF-6498-4B42-BA4F-26507289CE33} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1136833169140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn.com/download/msnmessengersetupdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


Thanks in advance and sorry for my English


#2 Siggyx

  • SuperHelper, Authentic Member
  • 6,776 posts

Posted 20 January 2006 - 10:58 PM

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of CWShredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

Please do not mark the logs as code as it makes them difficult to read.

#3 sandro della giustina

  • New Member
  • 7 posts

Posted 21 January 2006 - 04:28 AM

Thank you very much @Siggyx for your help!
Only a stupid question: if I install ewido, do I first need to uninstall AVG Free edition, is it true?

#4 Siggyx

  • SuperHelper, Authentic Member
  • 6,776 posts

Posted 21 January 2006 - 12:11 PM

Nope, you can scan with ewido and have avg on your system.

#5 sandro della giustina

  • New Member
  • 7 posts

Posted 21 January 2006 - 02:01 PM

OK, I have done all the steps of your instructions; now my initial problem has been successfully removed.
I have also scanned my system with AVG and ClamWin Antivirus.
This is the Ewido log file:




---------------------------------------------------------
ewido anti-malware - Rapporto Scansione
---------------------------------------------------------

+ Creato il: 20.30.31, 21/01/06
+ Report-Checksum: 66690A3D

+ Risultati scansione:

:mozilla.35:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with Backup
:mozilla.44:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.45:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.46:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.47:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.48:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.51:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with Backup
:mozilla.52:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with Backup
:mozilla.53:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Euroclick : Cleaned with Backup
:mozilla.55:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with Backup
:mozilla.56:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with Backup
:mozilla.57:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with Backup
:mozilla.58:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with Backup
:mozilla.59:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with Backup
:mozilla.60:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with Backup
:mozilla.78:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with Backup
:mozilla.79:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with Backup
:mozilla.82:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with Backup
:mozilla.83:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with Backup
:mozilla.84:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with Backup
:mozilla.109:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Estat : Cleaned with Backup
:mozilla.148:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Hotlog : Cleaned with Backup
:mozilla.219:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with Backup
:mozilla.224:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with Backup
:mozilla.233:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with Backup
:mozilla.265:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with Backup
:mozilla.269:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with Backup
:mozilla.270:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with Backup
:mozilla.271:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with Backup
:mozilla.303:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with Backup
:mozilla.304:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with Backup
:mozilla.305:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with Backup
:mozilla.306:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with Backup
:mozilla.336:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with Backup
:mozilla.338:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.339:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.340:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.341:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.342:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.343:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.344:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with Backup
:mozilla.391:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Itrack : Cleaned with Backup
:mozilla.396:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.I12 : Cleaned with Backup
:mozilla.404:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with Backup
:mozilla.405:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with Backup
:mozilla.406:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with Backup
:mozilla.407:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with Backup
:mozilla.443:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with Backup
:mozilla.444:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with Backup
:mozilla.445:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with Backup
:mozilla.446:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with Backup
:mozilla.471:C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with Backup



::Report End

And this is the HijackThis log file:



Logfile of HijackThis v1.99.1
Scan saved at 20.43.01, on 21/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime Alternative\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\magnify.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://gw.aliceadsl.it/minisearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {6FCBEBA9-55A7-B157-FDD5-B73451C0EE16} - (no file)
O2 - BHO: (no name) - {2300A25A-CD2D-CBA8-E01E-A85AF0AE00C8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D444A56C-D6E0-7A24-1108-2C44B78B91FE} - (no file)
O2 - BHO: (no name) - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - (no file)
O3 - Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StocksAloud] C:\Programmi\StocksAloud\StocksAloud.exe -auto
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - Startup: GPGRelay.lnk = C:\Programmi\GnuPT\GPGRelay\GPGrelay.exe
O4 - Startup: HDDlife.lnk = C:\Programmi\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Magnify.lnk = C:\WINDOWS\system32\magnify.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programmi\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Umail - {32B9061D-C507-4C6B-8E10-1994D57F58BA} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O9 - Extra button: Alice - {D95E75AF-6498-4B42-BA4F-26507289CE33} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136833169140
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#6 Siggyx

  • SuperHelper, Authentic Member
  • 6,776 posts

Posted 21 January 2006 - 02:15 PM

Scan with HijackThis, put a check beside these lines and choose FIX:


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti

R3 - URLSearchHook: (no name) - {6FCBEBA9-55A7-B157-FDD5-B73451C0EE16} - (no file)

O2 - BHO: (no name) - {2300A25A-CD2D-CBA8-E01E-A85AF0AE00C8} - (no file)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {D444A56C-D6E0-7A24-1108-2C44B78B91FE} - (no file)
O2 - BHO: (no name) - {F8E5CA21-C27B-43e7-B2BE-4CA93C9F9A1F} - (no file)
O3 - Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)

REBOOT

Click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report along with a new HijackThis Log in your next reply.

#7 sandro della giustina

sandro della giustina

    New Member

  • New Member
  • 7 posts

Posted 22 January 2006 - 08:23 AM

Incident Status Location

Adware:adware/bookedspace Not disinfected C:\WINDOWS\cfgmgr52.ini
Adware:adware/gator Not disinfected C:\WINDOWS\GatorFDDLI.log
Adware:adware/transponder Not disinfected Windows Registry
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Computer\Cookies\computer@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Computer\Cookies\computer@888[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@belnk[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Computer\Cookies\computer@btg.btgrab[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Computer\Cookies\computer@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Computer\Cookies\computer@c.goclick[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Computer\Cookies\computer@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@dist.belnk[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Computer\Cookies\computer@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Computer\Cookies\computer@fe.lea.lycos[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Computer\Cookies\computer@i.screensavers[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Computer\Cookies\computer@offeroptimizer[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Computer\Cookies\computer@stats1.reliablestats[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Computer\Cookies\computer@tucows[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Computer\Cookies\computer@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Computer\Cookies\computer@yadro[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\es2r8x1s.TEST\cookies.txt[.xiti.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/FortuneCity Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Versiontracker Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.versiontracker.com/]
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[.xmts.net/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Advnt Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[www.advnt01.com/]
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Computer\Cookies\computer@888[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Computer\Cookies\computer@888[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@ath.belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@belnk[1].txt
Spyware:Cookie/Btgrab Not disinfected C:\Documents and Settings\Computer\Cookies\computer@btg.btgrab[2].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\Computer\Cookies\computer@c.enhance[1].txt
Spyware:Cookie/GoClick Not disinfected C:\Documents and Settings\Computer\Cookies\computer@c.goclick[2].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Computer\Cookies\computer@cassava[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Computer\Cookies\computer@dist.belnk[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Computer\Cookies\computer@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\Computer\Cookies\computer@fe.lea.lycos[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Computer\Cookies\computer@i.screensavers[2].txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\Documents and Settings\Computer\Cookies\computer@offeroptimizer[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Computer\Cookies\computer@stats1.reliablestats[2].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Computer\Cookies\computer@tucows[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Computer\Cookies\computer@xiti[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Computer\Cookies\computer@yadro[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\es2r8x1s.TEST\cookies.txt[]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Computer\Dati applicazioni\Mozilla\Firefox\Profiles\fefgtalr.default\cookies.txt[]
Adware:Adware/IST.ISTBar Not disinfected E:\Da DVD a DIVX\Codec\DivX_Pro_5[1].x.x (www.crack.cd).zip[bzr.exe]
Adware:Adware/IST.ISTBar Not disinfected E:\Da DVD a DIVX\Codec\DivX_Pro_v5[1].0.5_Keygen_and_Patch (www.crack.cd).zip[qbi.exe]
Virus:4096 Renamed E:\Download\TB Extensions\calendar_windows_20050111.xpi[selectAddressesDialog.js]
Joke:Joke/Subli Not disinfected E:\Email\Files divertenti\flasher.zip[flasher.exe]
Joke:Joke/Cursor Not disinfected E:\Email\Files divertenti\friendly.exe
Joke:Joke/Gun Not disinfected E:\Email\Files divertenti\gun.zip[gun.exe]
Joke:Joke/Password Not disinfected E:\Email\Files divertenti\password.exe
Joke:Joke/Desktits Not disinfected E:\Email\Files divertenti\piapbz.exe
Possible Virus. Not disinfected E:\emule\Incoming\AISquared ZoomText Screen Magnifier v8.12.0.15.rar[keygen.exe]
Possible Virus. Not disinfected E:\emule\Incoming\AiSquared_BigShot_Screen_Magnifier_V2.12.0.7_by_UCF.rar[keygen.exe]
Possible Virus. Not disinfected E:\emule\Incoming\AiSquared_ZoomText_Screen_Magnifier_V8.12.0.15_Keygen_by_UCF.rar[keygen.exe]
Possible Virus. Not disinfected E:\emule\Incoming\BigShot_Screen_Magnifier_v2[1].12.0.7 (www.crack.cd).zip[keygen.exe]








Logfile of HijackThis v1.99.1
Scan saved at 15.16.22, on 22/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime Alternative\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\Free Download Manager\fdm.exe
C:\WINDOWS\system32\magnify.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StocksAloud] C:\Programmi\StocksAloud\StocksAloud.exe -auto
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - Startup: GPGRelay.lnk = C:\Programmi\GnuPT\GPGRelay\GPGrelay.exe
O4 - Startup: HDDlife.lnk = C:\Programmi\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Magnify.lnk = C:\WINDOWS\system32\magnify.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programmi\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Umail - {32B9061D-C507-4C6B-8E10-1994D57F58BA} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O9 - Extra button: Alice - {D95E75AF-6498-4B42-BA4F-26507289CE33} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136833169140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
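
The check a helper makes between the fix list in post #6 and the follow-up log in post #7, as an added example that is not part of the original thread: parse both pastes, confirm every entry marked for FIX is gone, and list what HijackThis still reports as pointing to a missing file. The function names are hypothetical; `FIX_LIST` and `FOLLOWUP_LOG` are short excerpts of lines posted in the thread, and `PERSISTING_LOG` is constructed to show the failure case.

```python
import re

# A HijackThis entry is "<section> - <details>", with sections such as
# R0-R3 and O1-O23 in the v1.99.1 logs posted in this thread.
ENTRY_RE = re.compile(r"^(?P<section>[RFN]\d|O\d{1,2}) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis appends when the file an entry points to is not on disk.
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def parse_entries(text):
    """Parse every entry line in a pasted log or fix list; skip everything else."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue  # log header, running-process path, blank line, forum prose
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "section": match.group("section"),
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,
            "orphaned": any(marker in body for marker in ORPHAN_MARKERS),
        })
    return entries


def entry_key(entry):
    """Identity used to match one entry across two pastes.

    Entries that carry a CLSID (BHOs, toolbars, protocols) match on section
    plus upper-cased CLSID; all others match on section plus the entry text
    with whitespace collapsed and case folded.
    """
    if entry["clsid"]:
        return (entry["section"], entry["clsid"])
    return (entry["section"], " ".join(entry["body"].split()).casefold())


def verify_fixes(fix_list_text, followup_log_text):
    """Split the fix list into entries gone from, and still in, the follow-up log."""
    present = {entry_key(e) for e in parse_entries(followup_log_text)}
    removed, remaining = [], []
    for entry in parse_entries(fix_list_text):
        (remaining if entry_key(entry) in present else removed).append(entry)
    return removed, remaining


def orphaned_entries(log_text):
    """Entries whose target file HijackThis reported as absent (for review)."""
    return [e for e in parse_entries(log_text) if e["orphaned"]]


# Excerpt of the lines post #6 asked to FIX.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {6FCBEBA9-55A7-B157-FDD5-B73451C0EE16} - (no file)
O2 - BHO: (no name) - {2300A25A-CD2D-CBA8-E01E-A85AF0AE00C8} - (no file)
O3 - Toolbar: (no name) - {70DE7956-479D-4eb7-8641-2B45774C350E} - (no file)
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - (no file)
"""

# Excerpt of the follow-up log in post #7.
FOLLOWUP_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O9 - Extra button: Umail - {32B9061D-C507-4C6B-8E10-1994D57F58BA} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
"""

# Constructed: the same log with one fixed BHO back, CLSID in lower case.
PERSISTING_LOG = FOLLOWUP_LOG + (
    "O2 - BHO: (no name) - {2300a25a-cd2d-cba8-e01e-a85af0ae00c8} - (no file)\n"
)

if __name__ == "__main__":
    for name, log in (("post #7", FOLLOWUP_LOG), ("constructed", PERSISTING_LOG)):
        removed, remaining = verify_fixes(FIX_LIST, log)
        print(f"{name}: {len(removed)} removed, {len(remaining)} still present")
        for entry in remaining:
            print(f"  still present: {entry['section']} - {entry['body']}")
        for entry in orphaned_entries(log):
            print(f"  missing file:  {entry['section']} - {entry['body']}")
```
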

#8 sandro della giustina

sandro della giustina

    New Member

  • New Member
  • 7 posts

Posted 22 January 2006 - 11:13 AM

Sorry for my previous post, it is too confused. Now I have deleted all cookies and other files that I am sure to remove. Now I will make another scan with Panda Active Scan and after that I will post the new results. Thanks.

#9 sandro della giustina

sandro della giustina

    New Member

  • New Member
  • 7 posts

Posted 22 January 2006 - 04:54 PM

This is the final result of Panda Active Scan:

Incident Status Location

Adware:adware/transponder Not disinfected Windows Registry




And this is the HijackThis log file:

Logfile of HijackThis v1.99.1
Scan saved at 23.40.55, on 22/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ClamWin\bin\ClamTray.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime Alternative\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
C:\Programmi\MSN Messenger\MsnMsgr.Exe
C:\Programmi\Free Download Manager\fdm.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\GnuPT\GPGRelay\GPGrelay.exe
C:\WINDOWS\system32\magnify.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.exe
C:\Programmi\OpenOffice.org 2.0\program\soffice.BIN
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
C:\Programmi\ewido anti-malware\ewidoctrl.exe
C:\Programmi\ewido anti-malware\ewidoguard.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Programmi\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Programmi\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [StocksAloud] C:\Programmi\StocksAloud\StocksAloud.exe -auto
O4 - HKCU\..\Run: [Free Download Manager] C:\Programmi\Free Download Manager\fdm.exe -autorun
O4 - Startup: GPGRelay.lnk = C:\Programmi\GnuPT\GPGRelay\GPGrelay.exe
O4 - Startup: HDDlife.lnk = C:\Programmi\BinarySense\HDDlife\HDDlifePro.exe
O4 - Startup: Magnify.lnk = C:\WINDOWS\system32\magnify.exe
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Programmi\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Mozilla Thunderbird.lnk = C:\Programmi\Mozilla Thunderbird\thunderbird.exe
O8 - Extra context menu item: &Google Search - res://c:\programmi\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\programmi\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\programmi\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\programmi\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download all by Free Download Manager - file://C:\Programmi\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download by Free Download Manager - file://C:\Programmi\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download selected by Free Download Manager - file://C:\Programmi\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site by Free Download Manager - file://C:\Programmi\Free Download Manager\dlpage.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\programmi\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\programmi\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Umail - {32B9061D-C507-4C6B-8E10-1994D57F58BA} - http://gw.virgilio.it/b2c01.umail (file missing) (HKCU)
O9 - Extra button: Alice - {D95E75AF-6498-4B42-BA4F-26507289CE33} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1136833169140
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} - http://messenger.msn...pdownloader.cab
O20 - AppInit_DLLs: C:\WINDOWS\system32\wmfhotfix.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\DiskeeperLite\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Programmi\ewido anti-malware\ewidoguard.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#10 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 22 January 2006 - 06:43 PM

Let's do some cleaning.

Download ccleaner from the link below, save it to your desktop. Open ccleaner and click on run ccleaner at the bottom right.

http://www.majorgeek...wnload4191.html

Next download Regseeker from the link below. Save it to your desktop. Open Regseeker and click on clean registry, next click ok. Once the scan is complete make sure the make backups is checked and then select all and delete it.

http://www.majorgeek...wnload2579.html

NEXT

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

NEXT

Click here to run ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Paste the contents of the Panda scan report along with a new HijackThis Log in your next reply.

#11 sandro della giustina

sandro della giustina

    New Member

  • New Member
  • 7 posts

Posted 23 January 2006 - 09:31 AM

OK, I have cleaned my registry as you suggested above, and I have rescanned my computer. These are the results:
  • AVG: nothing
  • ClamWin: nothing
  • Spybot: nothing
  • Mycro: nothing
  • Ad-aware: nothing
  • Nixory: nothing
  • Ewido: only a problem in the cookie.txt file of Firefox, which I have removed
  • Panda Active Scan: the same problem in the Windows registry
I think that I have solved my problem. I don't know why Panda Active Scan continues to find a problem in the registry while the other software doesn't find it. I think this topic can be closed. Thank you very much for your great help.

#12 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • 6,776 posts

Posted 23 January 2006 - 10:08 AM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
