Hi,

I keep getting text popups from files called HTT or INFO in Notepad. They pop up automatically at Windows startup. Also, Microsoft Office prompts me to finish installation... I don't know if it's related...


Here's the Panda log (I already deleted everything in this log...):

;***********************************************************************************************************************************************************************************
ANALYSIS: 2008-09-09 00:00:09
PROTECTIONS: 0
MALWARE: 11
SUSPECTS: 0
;***********************************************************************************************************************************************************************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================================================
;===================================================================================================================================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================================================
00042191 adware/ist.yoursitebar Adware No 0 Yes No hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\yoursitebar
00055362 VBS/Redlof.A Virus/Worm No 0 Yes No C:\Documents and Settings\Tetsuya\Application Data\Microsoft\Office\BIZ1LGO7.JSP
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.tribalfusion.com/]
00152401 Cookie/Belnk TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.belnk.com/]
00167753 Cookie/Statcounter TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.statcounter.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.ads.pointroll.com/]
00170495 Cookie/PointRoll TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.ads.pointroll.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.cs.sexcounter.com/]
00175950 Cookie/cs.sexcounter TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.cs.sexcounter.com/]
00187950 Cookie/bravenetA TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.bravenet.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.go.com/]
00194327 Cookie/Go TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.go.com/]
00262020 Cookie/Atwola TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[.atwola.com/]
00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No D:\mozilla profile\COOKIES.TXT[citi.bridgetrack.com/]
;===================================================================================================================================================================================
SUSPECTS
Sent Location
;===================================================================================================================================================================================
;===================================================================================================================================================================================
VULNERABILITIES
Id Severity Description
;===================================================================================================================================================================================
;===================================================================================================================================================================================

HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:04:59 AM, on 9/9/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\SYSTEM32\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
D:\QuickBooks\Components\QBAgent\qbdagent2002.exe
C:\WINDOWS\System32\wuauclt.exe
D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe
D:\Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

N1 - Netscape 4: user_pref("browser.startup.homepage", "http://home.netscape.com/"); (C:\Program Files\Netscape\Users\type1\prefs.js)
O2 - BHO: (no name) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [internat.exe] internat.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Zone Labs Client] D:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] D:\avastAV\ashDisp.exe
O4 - HKLM\..\Run: [aol] "D:\activeav\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [update.exe] C:\update.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update XP64] Lcuninst.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Microsoft Windows Update XP64] Lcuninst.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Windows Update XP64] Lcuninst.exe (User 'Default user')
O4 - Global Startup: VAIO Action Setup (server).lnk = C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
O4 - Global Startup: Picture Package VCD Maker.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Applications\Residence.exe
O4 - Global Startup: Picture Package Menu.lnk = C:\Program Files\Sony Corporation\Picture Package\Picture Package Menu\SonyTray.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O4 - Global Startup: FOLDER (1).HTT
O4 - Global Startup: desktop (2).ini
O4 - Global Startup: desktop (1).ini
O4 - Global Startup: QuickBooks 2002 Delivery Agent.lnk = D:\QuickBooks\Components\QBAgent\qbdagent2002.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\OFFICE10\EXCEL.EXE/3000
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/mcinsctl/en-us/4,0,0,77/mcinsctl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1123197776097
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1151107127183
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/mcgdmgr/en-us/1,0,0,18/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Avira\AntiVir PersonalEdition Classic\avguard.exe

--
End of file - 5228 bytes
thank you
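Added example, not part of the original post: a small Python triage script run over O4 lines copied from the HijackThis log above. It flags the entries a helper would normally ask about first: non-shortcut files (.HTT, .INI) sitting in the Global Startup folder, and Run/RunServices commands that are a bare filename (resolved via PATH) or an executable placed in a drive root. The rules, regexes and function names are my own assumptions, not HijackThis features.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: O4 lines copied from the HijackThis log in the post above.
HJT_O4_LINES = r"""
O4 - HKLM\..\Run: [avgnt] "D:\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [update.exe] C:\update.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Microsoft Windows Update XP64] Lcuninst.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunServices: [Microsoft Windows Update XP64] Lcuninst.exe (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = D:\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: FOLDER.HTT
O4 - Global Startup: desktop (2).ini
"""

# Registry autostart line: O4 - <hive>\..\<key>: [<name>] <command> (User '<user>')
REG_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] "
    r"(?P<cmd>.*?)(?: \(User '[^']*'\))?$")
# Startup-folder line: O4 - Global Startup: <item>[ = <shortcut target>]
STARTUP_RE = re.compile(r"^O4 - Global Startup: (?P<item>.*?)(?: = (?P<target>.*))?$")
DRIVE_ROOT_RE = re.compile(r"[A-Za-z]:\\[^\\]+")


def executable_of(cmd):
    """First token of a command line, honouring a quoted path."""
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(" ", 1)[0]


def triage_o4(log_text):
    """Return (reason, line) pairs for O4 entries that deserve a closer look."""
    findings = []
    for line in log_text.strip().splitlines():
        m = REG_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            if "\\" not in exe:
                findings.append(("bare filename in Run key, resolved via PATH", line))
            elif DRIVE_ROOT_RE.fullmatch(exe):
                findings.append(("executable placed in a drive root", line))
            continue
        m = STARTUP_RE.match(line)
        if m and not (m.group("item").lower().endswith(".lnk") and m.group("target")):
            ext = PureWindowsPath(m.group("item")).suffix.lower()
            findings.append((f"non-shortcut file in Startup folder ({ext})", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_o4(HJT_O4_LINES):
        print(f"{reason}: {line}")
```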