Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Pebbles

Pages: [1]
1
Tech Clinic / win32.p2p-worm.alcan.a
« on: April 22, 2006, 06:15:51 PM »
[font=\"Tahoma\"] [/font]THANKYOU!!!  Thankyou for all your time and knowledge with this matter, It is greatly appreciated!!!!!!!!!!! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

I hope you enjoy the rest of your day!  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/cool.gif\' class=\'bbc_emoticon\' alt=\'B)\' />

2
Tech Clinic / win32.p2p-worm.alcan.a
« on: April 21, 2006, 12:48:58 AM »
Hi There - the following are the logs requested  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />


Logfile of HijackThis v1.99.1
Scan saved at 3:45:13 PM, on 4/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\oodag.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AAPT
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe





---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         3:38:40 PM, 4/21/2006
 + Report-Checksum:      1AC4D0B7

 + Scan result:

   C:\backup\counter.cab/counter.exe -> Dropper.Agent.az : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Pointroll : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@com[2].txt -> TrackingCookie.Com : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@com[3].txt -> TrackingCookie.Com : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][2].txt -> TrackingCookie.Esomniture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@hypertracker[2].txt -> TrackingCookie.Hypertracker : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
   C:\backup\Documents and Settings\Administrator\Cookies\administrator@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
   C:\Documents and Settings\Administrator\My Documents\CSI Crime Scene Investigation\Setup.exe -> Worm.VB.an : Cleaned with backup
   C:\Documents and Settings\Administrator\My Documents\My Movies\Setup.exe -> Worm.VB.an : Cleaned with backup


::Report End





Thankyou http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/biggrin.gif\' class=\'bbc_emoticon\' alt=\':D\' />

3
Tech Clinic / win32.p2p-worm.alcan.a
« on: April 20, 2006, 06:46:58 PM »
Hi - Apologise for delay.  Log as is follows:


Logfile of HijackThis v1.99.1
Scan saved at 9:45:30 AM, on 4/21/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\drivers\KodakCCS.exe
C:\WINNT\system32\oodag.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\winupdates\winupdates.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by AAPT
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare Software\bin\EasyShare.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINNT\system32\drivers\KodakCCS.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINNT\system32\oodag.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\Kodak\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: Sygate Personal Firewall (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe

4
Tech Clinic / win32.p2p-worm.alcan.a
« on: April 19, 2006, 02:03:39 AM »
Hi,

I have found this virusy thing in my computer but do not know how to get rid of it http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/dry.gif\' class=\'bbc_emoticon\' alt=\'<_<\' /> .  I have no real computer knowledge when it comes to the terminolgy and technical side of computers.  I have windows 2000 on my computer.  Could you please explain and walk me through what i have to do to exterminate this thing??  http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/ph34r.gif\' class=\'bbc_emoticon\' alt=\':ph34r:\' />

Can I just add that I have seen others ask almost the same thing that I have, but I'm a bit daft and dont seem to follow it too well!!! http://images.thetechguide.com/forum/public/style_emoticons/<#EMO_DIR#>/blink.gif\' class=\'bbc_emoticon\' alt=\':blink:\' />  hehe!

Pages: [1]