Facebook Aim Virus


  • This topic is locked
12 replies to this topic

#1 XQuintessenceX

XQuintessenceX

  • Members
  • 50 posts
  • OFFLINE
  •  
  • Local time:01:57 AM

Posted 22 March 2007 - 07:31 PM

Hello,

I tried the AIMFix thing that other sites are recommending, but I can't get rid of this virus I got after clicking on a link one of my friends sent me saying "Is it okay if I use this picture of us in my facebook?" Here's my logfile:

Logfile of HijackThis v1.99.1
Scan saved at 8:28:55 PM, on 3/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ltmsg.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WDBtnMgr.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Last.fm\LastFM.exe
C:\PROGRAM FILES\ADAPTEC\EASY CD CREATOR 5\DIRECTCD\DIRECTCD.EXE
C:\WINDOWS\system32\wlpnsv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Shalin\My Documents\XPsyklonAeonX\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/keyword/%s
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuardDLBLOCK.CBrowserHelper - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [LTWinModem1] ltmsg.exe 9
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15026/CTSUEng.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewido.net/ewidoOnlineScan.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.safety.live.com/resource/d...lscbase8460.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1102130201769
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab
O16 - DPF: {8A0019EB-51FA-4AE5-A40B-C0496BBFC739} (Verizon Wireless Media Upload) - http://www.vzwpix.com/activex/VerizonWirel...loadControl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9FC5238F-12C4-454F-B1B5-74599A21DE47} (Webshots Photo Uploader) - http://community.webshots.com/html/WSPhotoUploader.CAB
O16 - DPF: {A18962F6-E6ED-40B1-97C9-1FB36F38BFA8} (Aurigma Image Uploader 3.5 Control) - http://filelodge.bolt.com/ImageUploader3.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15026/CTPID.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: SQL Server (SQLEXPRESS) (MSSQL$SQLEXPRESS) - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS (file missing)
O23 - Service: Print System Service (PrntSSV) - Unknown owner - C:\WINDOWS\system32\wlpnsv.exe
O23 - Service: Retrospect Launcher (RetroLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Retrospect WD Service (RetroWDSvc) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe


#2 LonnyRJones

LonnyRJones

  • Members
  • 245 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 AM

Posted 25 March 2007 - 03:39 PM

Welcome to the forum

Start HijackThis and place a check next to these items, if there.
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comned.com/signuptemplates/...login-devel.cab

Optional fix >
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe

====================================
Hit "Fix checked" and close HijackThis.
Restart the PC
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Post a Panda online scan report.
Panda ActiveScan, free online scanner:
http://www.pandasoftware.com/products/activescan.htm
Do a full scan > Click the My Computer button.
After the scan, click "See report", then save the report and post it back here please.

#3 XQuintessenceX


Posted 26 March 2007 - 06:44 PM

Thanks for the assistance, Lonny. Here's the file:


#4 LonnyRJones


Posted 26 March 2007 - 07:09 PM

Is that the whole log? I was expecting to see more than just cookies.

Submit this file here, please:
http://www.bleepingcomputer.com/submit-malware.php
C:\WINDOWS\system32\wlpnsv.exe

Don't use your instant messaging programs until we tackle the infection.

#5 XQuintessenceX


Posted 26 March 2007 - 07:46 PM

Submitted. Should I still stick to this thread or is that submission going to redirect me to something else at another point?

#6 LonnyRJones


Posted 26 March 2007 - 10:28 PM

Thanks

What version of AIMFix is it you tried?
The current version does fix this variant. Please delete the one you have, redownload and run AIMFix,
and post its log.
http://www.jayloden.com/aimfix.htm

#7 XQuintessenceX


Posted 01 April 2007 - 03:11 PM

Yeah, apparently I had an older version. This one did the trick. Thanks!

#8 LonnyRJones


Posted 01 April 2007 - 03:21 PM

Hi
Post the AIMFix log please.
Hopefully you will have your chat buddies run AIMFix too.
Also be sure to always use the latest version of AIM or other chat programs.

#9 XQuintessenceX


Posted 01 April 2007 - 09:53 PM

When I used AIMFix, it didn't create a log. It just showed what was removed and then told me to press Enter to exit. There was no option to create a log, and it wouldn't let me copy and paste.

#10 LonnyRJones


Posted 01 April 2007 - 10:21 PM

Where was it run from? AIMFix creates a log (text file) next to the AIMFix program.

#11 XQuintessenceX


Posted 02 April 2007 - 04:24 PM

I saved and ran it from my C: drive. I don't see any logfile next to it.

#12 LonnyRJones


Posted 03 April 2007 - 01:32 AM

Please take the time to read this if you haven't already done so:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/


Surf safe

#13 LonnyRJones


Posted 10 April 2007 - 06:21 PM

I'm glad we could help.
Since the problems are solved, I'm going to close the topic now. This keeps others with similar problems from posting their logs/questions here; they should start a new topic.

If you should need to post another log for the same PC let me know via a PM (personal message).



