
is my computer ok?



hi2live
2007-01-14, 03:37
I had a bunch of adware and trojans and other malware. After I did a few virus scans I got rid of most of them. Then this pop-up kept coming up about maxfiles. I keep deleting it but it comes right back up. I got Panda to do an online scan and have their log file. It said 21 adware. Then I did Spybot and it fixed everything it found. Just wanted to know if I'm in the clear yet.

hi2live
2007-01-14, 03:37
Incident Status Location

Adware:adware/shorty Not disinfected c:\program files\common files\system32.dll
Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd
Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
Adware:adware/elitebar Not disinfected C:\Documents and Settings\Alex\Favorites\Casino & Carrers
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/ncase Not disinfected Windows Registry
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.zedo.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.com.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.perf.overture.com/]
Adware:Adware/Maxifiles Not disinfected C:\Program Files\DNS\cwebpage.dll
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\casino.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\dating.bmp
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\virus.bmp

hi2live
2007-01-14, 03:39
Logfile of HijackThis v1.99.1
Scan saved at 5:34:12 PM, on 1/13/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

pskelley
2007-01-16, 13:29
Welcome to the forum. You are still infected. If you still need help and are not receiving it elsewhere, you still have infections, so follow these directions.

Your Java program is outdated and a security risk; see this information:
http://forums.spybot.info/showpost.php?p=12880&postcount=2
C:\Program Files\Java\jre1.5.0_02\ <<< out of date, download the newest version and uninstall all old versions in Add/Remove Programs.

1) Please download LQfix.exe from one of the following locations:

http://www.downloads.subratam.org/LQfix.exe
http://miekiemoes.geekstogo.com/tools/LQfix.exe

Save it to your desktop.

Double-Click LQfix.exe and click Next > Next > Install.

Leave the default settings, if you change them, the fix will Fail!
You need an active Internet connection, so make sure you're not blocking any connection now.

Now make sure the "Launch LQfix" box is checked.

Click the Finish button, after clicking the Finish button the fix will start.

Follow the on-screen prompts.

Your system will reboot afterwards.

Please be patient after the reboot, there is a script running in the background that needs to complete.

2) How to make files and folders visible:
Click Start > Open My Computer.
Select the Tools menu and click Folder Options.
Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
Uncheck: Hide file extensions for known file types
Uncheck the Hide protected operating system files (recommended) option.
Click Yes to confirm.
Click OK.

3) Please download ATF Cleaner by Atribune
http://www.atribune.org/content/view/25/2/
Save it to your Desktop. We will use this later.

4) TeaTimer will block the changes we must make; follow the instructions in this link and turn it off until you are done.

5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

(Some items may have been removed by the fixes, just don't miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe

Close all programs but HJT and all browser windows, then click on "Fix Checked"

6) RIGHT Click on Start then click on Explore. Locate and delete these items:

C:\WINDOWS\\\etb <<< delete that folder if there

C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe <<< delete that file

7) Follow the instructions in this link, make sure you delete or at least quarantine anything found and save the scan report, I must see it.
http://forums.security-central.us/showthread.php?t=3165

8) Run ATF Cleaner
Double-click ATF-Cleaner.exe to run the program.
Click Select All found at the bottom of the list.
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Restart the computer and post the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.

Thanks
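
The helper's HijackThis fix list above (the R1 search settings reset to about:blank and the two O4 Run entries) is the kind of triage a small parser can do over a pasted log. The following is an added example, not code from the thread or from HijackThis: it parses R1/O4 lines and flags the entries the post tells the user to fix, using the drop directories named in the post (C:\WINDOWS\etb and C:\Program Files\Common Files\Windows) as the only indicators; the sample log lines are copied from the thread and the heuristics are assumptions of this example.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample input: the HijackThis lines the helper told the poster to
# fix, plus a few benign entries from the same log for contrast.
SAMPLE_HJT_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# Autorun directories named as malware drop points in the helper's post.
# Compared after path normalisation (repeated separators collapsed, lower-cased).
SUSPECT_DIRS = (
    r"c:\windows\etb",
    r"c:\program files\common files\windows",
)

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
R_RE = re.compile(r"^(?P<kind>R[01]) - (?P<key>[^,]+),(?P<value>[^=]+)= (?P<data>.*)$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def normalise_path(p: str) -> str:
    """Collapse repeated backslashes and lower-case, as Windows resolves the path."""
    return re.sub(r"\\+", r"\\", p).strip().lower()


def exe_path(cmd: str) -> str:
    """Return the program path from an O4 command line (quoted, or up to the first .exe)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    m = re.match(r"(.*?\.exe)(\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def check_o4(line: str) -> List[str]:
    """Heuristics for an O4 autorun line; returns the reasons it looks suspect."""
    m = O4_RE.match(line)
    if not m:
        return []
    raw = exe_path(m.group("cmd"))
    reasons = []
    # Windows tolerates doubled separators, so the entry still runs, but a
    # legitimate installer does not write a path like C:\WINDOWS\\\etb\\x.exe.
    if re.search(r"\\{2,}", raw):
        reasons.append("autorun path contains repeated backslashes")
    parent = normalise_path(raw).rsplit("\\", 1)[0]
    if parent in SUSPECT_DIRS:
        reasons.append(f"autorun program lives in suspect directory {parent}")
    return reasons


def check_r(line: str) -> List[str]:
    """Flag IE search settings reset to about:blank, which the post marks for Fix Checked."""
    m = R_RE.match(line)
    if not m:
        return []
    if m.group("data").strip() == "about:blank" and "search" in m.group("value").lower():
        return ["IE search setting reset to about:blank (typical hijacker leftover)"]
    return []


def triage(log_text: str) -> List[Finding]:
    """Run both checks over every non-empty line of a HijackThis log."""
    findings = []
    for line in log_text.splitlines():
        line = line.rstrip()
        if not line:
            continue
        reasons = check_o4(line) + check_r(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_HJT_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Running it lists the three R1 lines and the two O4 lines from the fix list and nothing else; real logs need the indicator list extended, since the directory match is only as good as what the analyst has seen.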

hi2live
2007-01-18, 02:33
OK. First I updated Java, then looked for the folder "etb" and it wasn't there. Neither was that file in the Common Files\Windows folder. In that folder, though, the only file was called Auto It3, v3 script. Is this OK? Also I have this pop-up from Kaspersky that keeps popping up telling me I have a keylogger and the only option I have is to allow it. It comes up like every minute. I'll post a pic.
http://x013.uploaderx.net/x/keylogger.JPG

pskelley
2007-01-18, 02:44
Thanks but I do not need any pictures. I would appreciate the complete name and location of any item you are describing along with the program that is locating it. Now if you would do that and follow the directions I post to the best of your ability, we have a good chance at getting this done. Right now what I need is the information I asked for and I will place it in quotes for you to view. Thanks

Restart the computer and post the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.

hi2live
2007-01-18, 03:35
Yeah, sorry, I posted that and then restarted. I have all that.

Logfile of HijackThis v1.99.1
Scan saved at 5:32:38 PM, on 1/17/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\bcmntray.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\SHARED\HPQWMI.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:16:41 PM 1/17/2007

+ Scan result:



HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned.
HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1923D19B-2EE9-4466-9C3B-87F52DF177E7} -> Adware.Generic : Cleaned.
C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP119\A0010634.dll/Catcher.dll -> Adware.Maxifiles : Cleaned.
C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP119\A0010634.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned.
HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\DNS -> Adware.Shorty : Cleaned.
HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP118\A0010432.dll -> Adware.SideSearch : Cleaned.
C:\Documents and Settings\Alex\My Documents\Downloads\MagicISO.v5.3.229-YAG\Setup_MagicISO229.exe/Advisory.nfo -> Backdoor.Flood.a : Cleaned.
C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP118\A0010427.DLL -> Backdoor.Ruledor.J : Cleaned.
:mozilla.175:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.250:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.54:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.55:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.56:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.57:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.58:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.59:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.60:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.61:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.62:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.63:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.64:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.15:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.18:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.32:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.80:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.81:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.82:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.83:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.231:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.156:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.157:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.158:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.160:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.49:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.161:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.162:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.163:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.164:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.191:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.50:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.239:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.66:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.67:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.68:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.69:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.70:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.71:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.72:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.93:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.112:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.113:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.170:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.171:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.252:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.153:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.154:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.155:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.159:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.146:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.147:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.177:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.47:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.48:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.165:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.166:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.167:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.94:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.95:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.96:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.97:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.98:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.148:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.149:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.150:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.151:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.152:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end

hi2live
2007-01-18, 03:40
I use Kaspersky and it was detecting a possible keylogger, which is this file:

C:\WINDOWS\system32\drivers\eabfiltr.sys

pskelley
2007-01-18, 13:19
Thanks for returning your information and the feedback. Kaspersky is a very good program, but it can make a mistake too. A Google of this item:
C:\WINDOWS\system32\drivers\eabfiltr.sys returns this information:
http://www.file.net/process/eabfiltr.sys.html

The process QLB PS/2 Keyboard filter driver belongs to the software Quick Launch Buttons by Hewlett-Packard Company (www.hp.com).
http://www.internetsecurityzone.com/Entities/?_eabfiltr.sys
http://www.spyware-browser.com/items/-/1072/E/1/

So we must be careful before we remove a needed file. Use one or more of these free online scans and post the results:
http://virusscan.jotti.org/
http://www.kaspersky.com/scanforvirus
http://www.virustotal.com/flash/index_en.html

The HJT log appears to be clean of malware and AVG did a fine job removing what the online scan (Panda?) would not. Run another online scan and don't post cookies this time; clean those out yourself. Post the results of that scan, the information from the file scan, and tell me what problems you are having besides the fact Kaspersky is reporting a possible?

Thanks

tashi
2007-01-25, 07:18
Still with us hi2live?

hi2live
2007-01-25, 22:38
Yeah, I'm still here. Sorry about that long wait. I just scanned the file and it said it was OK. Plus I haven't been getting that pop-up anymore. No pop-ups whatsoever. I'm doing a Panda online scan right now and will post the results in a bit just to make sure I'm good, if that's OK.

hi2live
2007-01-26, 03:24
I did the Kaspersky online scan because Panda wasn't working and was taking a while. It came up with no problems. I think I'm good. Thanks for your help, appreciate it. :D

pskelley
2007-01-26, 10:48
Thanks for the feedback, sounds good. If you want to stop those junk cookies in Firefox, here is some information:
http://privacy.getnetwise.org/browsing/tools/firefox1/ffdisablecookies
http://www.mozilla.org/projects/security/pki/psm/help_21/using_priv_help.html

System Restore does not know the good files from the bad. In case bad stuff has gotten into your System Restore files, follow the instructions in this link to get clean System Restore files. Turn it off, reboot then turn it back on:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001111912274039?Open&src=sec_doc_nam

AVG Anti-Spyware is a good program but it does use some resources. Once the trial is over you can update and use the scanner for as long as you wish, but unless you purchase it you should turn it off completely so it does not run unless you start it manually.

Here is some great information from Tony Klein, Texruss, ChrisRLG and Grinler to help you stay clean and safe online:
http://forums.spybot.info/showthread.php?t=279
http://russelltexas.com/malware/allclear.htm
http://forum.malwareremoval.com/viewtopic.php?t=14
http://www.bleepingcomputer.com/forums/topict2520.html
http://cybercoyote.org/security/not-admin.shtml

Thanks...pskelley
Safer Networking Forums
http://www.spybot.info/en/donate/index.html
If you are reading this information...thank a teacher,
If you are reading it in English...thank a soldier.