TRTP.exe and w32.Alcra.B help

Discussion in 'Malware Help (A Specialist Will Reply)' started by Mzchvz, Jan 24, 2006.

  1. Mzchvz

    Mzchvz Private E-2

    I've already run all the specified scans and logs, and am posting them here along with the HJT log, any help would be appreciated

    ~ IN-LINE LOGS ATTACHED ~ SPD

    this is for a friend, since their "tech guy" is the one that allowed this to happen in the first place, thx for the help
     

    Attached Files:

    Last edited by a moderator: Jan 24, 2006
  2. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    HijackThis is installed incorrectly and is being run directly from the zip file. Install HijackThis to C:\Program Files\HJT, as requested in the directions for Downloading, Installing, and Running HijackThis.

    Never copy & paste logs into your post, always include them as attachments.

    {EDIT}
    Whatever is being disabled with MSConfig, stop. Check Normal Startup. I need to see everything.

    I need a log from the Panda ActiveScan.

    Do the following:

    Uninstall UnSpyPC, this is an unwanted application and has infected the system.

    Run about:Buster twice.

    Download FixWareout by Lonny and save it to your Desktop.
    • Please locate your download of FixWareout and INSTALL it.
    • Be sure that Run fixit is checked.
    • Click Finish to begin the fix.
    • Follow the prompts and Reboot when asked to do so.
    • Upon Reboot, follow the prompts and HijackThis should open.
    Follow the directions for Running Spy Sweeper. Make sure you update the definitions before running the scan.

    Post the about:Buster, FixWareout, and Spy Sweeper logs, along with a fresh HijackThis log.
     
    Last edited: Jan 24, 2006
  3. Mzchvz

    Mzchvz Private E-2

    here's the first bits
     

    Attached Files:

  4. Mzchvz

    Mzchvz Private E-2

    this should be the rest, hopefully i did everything right this time. sorry about the pasting in before.

    -Storm-
     

    Attached Files:

  5. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Empty the Norton Antivirus Quarantine Folder.
    Empty the Recycle Bin.
    Empty the Norton Protected Recycle Bin.

    Scan with HijackThis and fix the following:
    Download
    - Pocket Killbox
    - ExplorerXP

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion…say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot. Note many of the files listed below may not exist but we need to check for them anyway.
    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open ExplorerXP navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)
    Now run CCleaner. If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.

    Then, as an added precaution, Go to Start -> Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.

    REBOOT to Normal Mode.

    Do the Following:
     
    Last edited: Jan 25, 2006
  6. Mzchvz

    Mzchvz Private E-2

    I was unable to get the explorerxp to find any files that you stated, and the closest i found to any of the file names were in killbox, was unsure if i should delete them from killbox instead of where you stated, here's the fix wareout report and the HJT log, thanks again
     

    Attached Files:

  7. Mzchvz

    Mzchvz Private E-2

    also, as much as i've deleted/fixed the "about" lines and the exchangemaster, they seem to keep coming back
     
  8. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Download Blacklight Beta from here:
    http://www.f-secure.com/blacklight/try.shtml
    • Hit I accept. It will take you to download page.
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please post contents of log.
     
  9. Mzchvz

    Mzchvz Private E-2

    after I posted the last message, I DID manage to get rid of the file that was still of concern, and everything else seems to be clear with one exception, now when she tries to log in to certain pages it says "page cannot be displayed" i had her reset her security levels so it should accept the cookies from the site, no luck, had her add the page into a trusted site and still no luck, this was not the only page that has done this since we cleaned everything up, not quite sure what's going on all of a sudden even though nothing else has shown up on log
     
  10. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    Install Firefox, does the same thing happen?
     
  11. Mzchvz

    Mzchvz Private E-2

    not my comp, they don't want much more installed on here, they have a hard enough time trying to navigate the little they know about IE :( other suggestions?
     
  12. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    I need to know if it is an OS problem or an IE problem. If the pages load in Firefox then it is a problem with IE.
     
  13. Mzchvz

    Mzchvz Private E-2

    It was an IE problem, I did manage to talk her into firefox, now she is having other issues with the server itself, I truly appreciate your help, thank you.
     
  14. Shadow_Puter_Dude

    Shadow_Puter_Dude MG Authorized Malware Fighter

    You should post in the Software forum, for help with IE.
     
