Results 1 to 5 of 5

Thread: W32.Myzor.FK@yf virus

  1. 2006-08-20, 21:47 #1
    Konski
    Konski is offline
    Junior Member
    Join Date
    Aug 2006
    Posts
    3

    Default W32.Myzor.FK@yf virus

    Hi there

    Got this virus, but stuck with what I need to do. Please help.

    Cheers

    Logfile of HijackThis v1.99.1
    Scan saved at 20:29:45, on 20/08/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Norton Internet Security\ISSVC.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\system32\CTsvcCDA.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\IntCodec\pmsngr.exe
    C:\WINDOWS\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    C:\Program Files\IntCodec\pmmon.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Warez\Warez.exe
    C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Anti Spyware\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://helpqt.apple.com/qthelpwr3/en...ckTimeHelp.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\IntCodec\isaddon.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
    O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
    O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
    O4 - HKLM\..\Run: [CTXFIREG] CTxfiReg.exe
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [PRISMSVR.EXE] "C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\PRISMSVR.EXE" /APPLY
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Warez] "C:\Program Files\Warez\Warez.exe" /minimized
    O4 - Global Startup: SpeedTouch 121g Wireless USB Monitor.lnk = C:\Program Files\Thomson SpeedTouch\SpeedTouch 121g Wireless USB Monitor\st121g.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .dctmp: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin4.dll
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1147534743732
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
  2. 2006-08-20, 21:49 #2
    Konski
    Konski is offline
    Junior Member
    Join Date
    Aug 2006
    Posts
    3

    Default W32.Myzor.FK@yf virus part2

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Incident Status Location

    Adware:adware/dollarrevenue Not disinfected c:\windows\winsysupd71.dat
    Adware:adware/intcodec Not disinfected c:\program files\IntCodec
    Adware:adware/systemdoctor Not disinfected Windows Registry
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.anm.co.uk/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[server.iad.liveperson.net/hc/91632676]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@adopt.hbmediapro[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@adultfriendfinder[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@burstnet[2].txt
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@clickbank[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@com[1].txt
    Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@malwarewipe[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@stats1.reliablestats[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@www.burstbeacon[2].txt
    Spyware:Cookie/Safetyhomepage Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@www.safetyhomepage[2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@yadro[1].txt
    Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\GLB35.tmp
    Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\sa95.exe[Spy-Quake2.exe]
    Adware:Adware/SpywareQuake Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\tmp94.tmp
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\tsl2.tmp
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Konrad\My Documents\a?sembly\d?dplay.exe
  3. 2006-08-20, 21:52 #3
    Konski
    Konski is offline
    Junior Member
    Join Date
    Aug 2006
    Posts
    3

    Default W32.Myzor.FK@yf virus part2

    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


    Incident Status Location

    Adware:adware/dollarrevenue Not disinfected c:\windows\winsysupd71.dat
    Adware:adware/intcodec Not disinfected c:\program files\IntCodec
    Adware:adware/systemdoctor Not disinfected Windows Registry
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Guest\Cookies\guest@com[1].txt
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.adopt.hbmediapro.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.anm.co.uk/]
    Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.serving-sys.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[server.iad.liveperson.net/]
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\Konrad\Application Data\Mozilla\Firefox\Profiles\2gm6g2yw.default\cookies.txt[server.iad.liveperson.net/hc/91632676]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@ad.yieldmanager[2].txt
    Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@adopt.hbmediapro[2].txt
    Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@adultfriendfinder[2].txt
    Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@burstnet[2].txt
    Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@clickbank[2].txt
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@com[1].txt
    Spyware:Cookie/Malwarewipe Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@malwarewipe[1].txt
    Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@stats1.reliablestats[1].txt
    Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@www.burstbeacon[2].txt
    Spyware:Cookie/Safetyhomepage Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@www.safetyhomepage[2].txt
    Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@xiti[1].txt
    Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Konrad\Cookies\konrad@yadro[1].txt
    Adware:Adware/Ucmore Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\GLB35.tmp
    Potentially unwanted tool:Application/SpywareQuake Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\sa95.exe[Spy-Quake2.exe]
    Adware:Adware/SpywareQuake Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\tmp94.tmp
    Potentially unwanted tool:Application/Zango Not disinfected C:\Documents and Settings\Konrad\Local Settings\Temp\tsl2.tmp
    Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\Konrad\My Documents\a?sembly\d?dplay.exe
    Last edited by tashi; 2006-08-20 at 22:01. Reason: Merged two topics
  4. 2006-08-21, 23:31 #4
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to the forum, while I am not a fan of p2p file sharing and willl offer these links for your consideration:
    http://pcpitstop.com/spycheck/p2p.asp
    http://pcpitstop.com/spycheck/badtorrent.asp
    You are running a product called Warez, look here for information: http://kppfree.altervista.org/spylist.html
    Warez P2P 2.3 v2.warezclient.com Warez P2P 2.xx only: display ad banners & pop up's; adware bundles Warez 3 P2P (tested version 3.0.1.27 beta) was released, announcing the client's return as completely adware free.
    Unless you are running the newest beta, I suggest you get it off of your computer.

    Please don't post any more logs unless I request them, you have some much stuff there in bits and pieces, hard for me to work with your topic, also do not start additional topics, stick with this one and always use the "Post Reply" button to add your information...thanks

    Follow the directions in this link: http://forums.spybot.info/showthread.php?t=4015 When you finish the instructions, post the three logs in this same topic using the "Post Reply" button.

    Spybot-S&D: Be sure to follow the directions to save the scan report but do not post it here unless requested by a helper.

    Thanks...pskelley
    Safer Networking Forums

    If you would like to let your thoughts be known about the lowlifes who put that junk on your computer, you can do that here:
    If you have been infected by one of the SpyAxe family
    http://forums.tomcoyote.org/index.php?showtopic=58063
    http://www.malwarecomplaints.info/
  5. 2006-08-28, 18:33 #5
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,967

    Default

    This topic is closed due to lack of a response to helper.

    If you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules