Thread: is my computer ok?

  1. #1
    Member
    Join Date
    Nov 2006
    Posts
    75

    I had a bunch of adware and trojans and other malware; after I did a few virus scans I got rid of most of them. Then this pop-up kept coming up about maxfiles. I keep deleting it but it comes right back up. I got Panda to do an online scan and have their log file. It said 21 adware. Then I did Spybot and it fixed everything it found. Just wanted to know if I'm in the clear yet.

  2. #2
    Member
    Join Date
    Nov 2006
    Posts
    75

    Incident Status Location

    Adware:adware/shorty Not disinfected c:\program files\common files\system32.dll
    Adware:adware/wupd Not disinfected c:\windows\system32\ide21201.vxd
    Adware:adware/maxifiles Not disinfected c:\program files\common files\Download
    Adware:adware/elitebar Not disinfected C:\Documents and Settings\Alex\Favorites\Casino & Carrers
    Adware:adware/ist.yoursitebar Not disinfected Windows Registry
    Adware:adware/ncase Not disinfected Windows Registry
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.atdmt.com/]
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.doubleclick.net/]
    Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.adtech.de/]
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.zedo.com/]
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.2o7.net/]
    Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.fastclick.net/]
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.advertising.com/]
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.mediaplex.com/]
    Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.tribalfusion.com/]
    Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.com.com/]
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.statcounter.com/]
    Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.ads.pointroll.com/]
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[ad.yieldmanager.com/]
    Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt[.perf.overture.com/]
    Adware:Adware/Maxifiles Not disinfected C:\Program Files\DNS\cwebpage.dll
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\casino.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\dating.bmp
    Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\etb\xml\images\virus.bmp

  3. #3
    Member
    Join Date
    Nov 2006
    Posts
    75

    Logfile of HijackThis v1.99.1
    Scan saved at 5:34:12 PM, on 1/13/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

  4. #4
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Welcome to the forum, you are still infected. If you still need help and are not receiving it elsewhere, you still have infections, follow these directions.

    Your Java program is outdated and a security risk, see this information:
    http://forums.spybot.info/showpost.p...80&postcount=2
    C:\Program Files\Java\jre1.5.0_02\ <<< out of date, download the newest version and uninstall all old versions in Add/Remove Programs.

    1) Please download LQfix.exe from one of the following locations:

    http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

    Save it to your desktop.

    Double-Click LQfix.exe and click Next > Next > Install.

    Leave the default settings, if you change them, the fix will Fail!
    You need an active Internet Connection, so make sure you're not blocking any connection now.

    Now make sure the "Launch LQfix" box is checked.

    Click the Finish button, after clicking the Finish button the fix will start.

    Follow the on-screen prompts.

    Your system will reboot afterwards.

    Please be patient after the reboot, there is a script running in the background that needs to complete.

    2) How to make files and folders visible:
    Click Start > Open My Computer.
    Select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.
    Click OK.

    3) Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    4) TeaTimer will block the changes we must make; follow the instructions in this link and turn it off until you are done.

    5) Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    (Some items may have been removed by the fixes, just don't miss any)

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
    O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
    O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    6) RIGHT Click on Start then click on Explore. Locate and delete these items:

    C:\WINDOWS\\\etb <<< delete that folder if there

    C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe <<< delete that file

    7) Follow the instructions in this link, make sure you delete or at least quarantine anything found and save the scan report, I must see it.
    http://forums.security-central.us/showthread.php?t=3165

    8) Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart the computer and post the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
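
Added example, not part of the original post and not HijackThis's own code: a Python check for step 5 and the requested follow-up log. It confirms that the entries selected for "Fix Checked" are absent from a later HijackThis log and lists entries that are new since the first scan. The sample lines are excerpted from the logs posted in this thread; the function names and the comparison rule (case-insensitive, repeated backslashes collapsed) are assumptions of this example.

```python
import re

# A HijackThis entry line is "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] cmd".
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")

# Excerpt of the first log posted in the thread.
BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""

# The entries listed in step 5 for "Fix Checked".
TARGETS = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
O4 - HKLM\..\Run: [System service70] C:\WINDOWS\\\etb\\pokapoka70.exe
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000080.exe
"""

# Excerpt of the follow-up log posted later in the thread.
AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
"""


def parse_entries(log_text):
    """Return (code, body) for each entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def entry_key(code, body):
    """Comparison key (assumed rule): lower-cased, backslash and space runs collapsed."""
    body = re.sub(r"\\+", r"\\", body)   # any run of backslashes becomes one
    body = re.sub(r"\s+", " ", body)
    return (code, body.lower())


def check_fix(targets_text, followup_log_text):
    """Sort the targeted entries into those gone from the follow-up log and those left."""
    present = {entry_key(c, b) for c, b in parse_entries(followup_log_text)}
    result = {"removed": [], "still_present": []}
    for code, body in parse_entries(targets_text):
        bucket = "still_present" if entry_key(code, body) in present else "removed"
        result[bucket].append(f"{code} - {body}")
    return result


def diff_logs(before_text, after_text):
    """Return (entries only in the first log, entries only in the second log)."""
    before = {entry_key(c, b): f"{c} - {b}" for c, b in parse_entries(before_text)}
    after = {entry_key(c, b): f"{c} - {b}" for c, b in parse_entries(after_text)}
    removed = [line for key, line in before.items() if key not in after]
    added = [line for key, line in after.items() if key not in before]
    return removed, added


if __name__ == "__main__":
    status = check_fix(TARGETS, AFTER)
    print("targets removed:", len(status["removed"]),
          "still present:", len(status["still_present"]))
    _, new_entries = diff_logs(BEFORE, AFTER)
    for line in new_entries:
        # New autoruns, BHOs and services are worth reviewing after any cleanup.
        print("new since first scan:", line)
```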

  5. #5
    Member
    Join Date
    Nov 2006
    Posts
    75

    OK. First I updated Java, then looked for the folder "etb" and it wasn't there. Neither was that file in the common files\windows folder. In that folder, though, the only file was called Auto It3, v3 script. Is this OK? Also, I have this pop-up from Kaspersky that keeps popping up telling me I have a keylogger, and the only option I have is to allow it. It comes up like every minute. I'll post a pic.

  6. #6
    pskelley (In Memoriam - Always in our heart)
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Thanks but I do not need any pictures. I would appreciate the complete name and location of any item you are describing along with the program that is locating it. Now if you would do that and follow the directions I post to the best of your ability, we have a good chance at getting this done. Right now what I need is the information I asked for and I will place it in quotes for you to view. Thanks
    "Restart the computer and post the scan results from AVG Anti-Spyware, a new HJT log and any comments you think will help."

  7. #7
    Member
    Join Date
    Nov 2006
    Posts
    75

    yea sorry i posted that and then restarted. i have all that.

    Logfile of HijackThis v1.99.1
    Scan saved at 5:32:38 PM, on 1/17/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wltrysvc.exe
    C:\WINDOWS\System32\bcmwltry.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\bcmntray.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0\bin\jusched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HPQ\SHARED\HPQWMI.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\hijackthis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.trustyhound.com/sidebar-search.php
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\bcmntray
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
    O9 - Extra button: Web Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\scieplugin.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe" -r (file missing)
    O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe




    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:16:41 PM 1/17/2007

    + Scan result:



    HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93CECBB2-6B1B-448D-91B9-72604EF70105} -> Adware.180Solutions : Cleaned.
    HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1923D19B-2EE9-4466-9C3B-87F52DF177E7} -> Adware.Generic : Cleaned.
    C:\Program Files\DNS\cwebpage.dll -> Adware.Maxifiles : Cleaned.
    C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP119\A0010634.dll/Catcher.dll -> Adware.Maxifiles : Cleaned.
    C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP119\A0010634.dll/cwebpage.dll -> Adware.Maxifiles : Cleaned.
    HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
    HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\DNS -> Adware.Shorty : Cleaned.
    HKU\S-1-5-21-1606980848-789336058-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFF4E223-7019-4CE7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned.
    C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP118\A0010432.dll -> Adware.SideSearch : Cleaned.
    C:\Documents and Settings\Alex\My Documents\Downloads\MagicISO.v5.3.229-YAG\Setup_MagicISO229.exe/Advisory.nfo -> Backdoor.Flood.a : Cleaned.
    C:\System Volume Information\_restore{CC6BF5DF-2F76-480A-992C-087EF9AFF1CD}\RP118\A0010427.DLL -> Backdoor.Ruledor.J : Cleaned.
    :mozilla.175:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.250:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.53:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.54:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.55:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.56:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.57:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.58:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.59:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.60:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.61:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.62:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.63:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.64:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    :mozilla.15:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.18:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.27:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.32:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.80:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.81:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.82:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.83:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
    :mozilla.231:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
    :mozilla.156:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.157:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.158:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.160:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
    :mozilla.49:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.161:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.162:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.163:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.164:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.191:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Com : Cleaned.
    :mozilla.50:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
    :mozilla.239:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
    :mozilla.66:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.67:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.68:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.69:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.70:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.71:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.72:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
    :mozilla.93:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
    :mozilla.112:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
    :mozilla.113:C:\Documents and Settings\Alex\Application Data\Mozilla\Firefox\Profiles\st6pfh2r.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.


    ::Report end

  8. #8
    Member
    Join Date
    Nov 2006
    Posts
    75

    Default

    I use Kaspersky and it was detecting a possible keylogger, which is this file:

    C:\WINDOWS\system32\drivers\eabfiltr.sys

  9. #9
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Thanks for returning your information and the feedback. Kaspersky is a very good program, but it can make a mistake too. A Google of this item:
    C:\WINDOWS\system32\drivers\eabfiltr.sys returns this information:
    http://www.file.net/process/eabfiltr.sys.html
    The process QLB PS/2 Keyboard filter driver belongs to the software Quick Launch Buttons by Hewlett-Packard Company (www.hp.com).
    http://www.internetsecurityzone.com/...?_eabfiltr.sys
    http://www.spyware-browser.com/items/-/1072/E/1/

    So we must be careful before we remove a needed file. Use one or more of these free online scans and post the results:
    http://virusscan.jotti.org/
    http://www.kaspersky.com/scanforvirus
    http://www.virustotal.com/flash/index_en.html

    The HJT log appears to be clean of malware and AVG did a fine job removing what the online scan (Panda?) would not. Run another online scan and don't post cookies this time, clean out those yourself. Post the results of that scan, the information from the file scan and tell me what problems you are having besides the fact Kaspersky is reporting a possible?

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
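
A local check that complements the online scans suggested in post #9, added here as an example and not part of the original thread: it collects the version resource, Authenticode signature and SHA-256 of the flagged driver so the decision to keep or remove it rests on more than one scanner's heuristic. The function name and the expected-vendor string are assumptions (the vendor is taken from the file.net description quoted in the post).

```powershell
# Added example (not from the thread): evidence to gather before removing a flagged driver.
# Get-FlaggedFileEvidence is a hypothetical helper name; 'Hewlett-Packard' is an assumed
# vendor string based on the file.net description quoted in post #9.
function Get-FlaggedFileEvidence {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string]$ExpectedVendor = 'Hewlett-Packard'
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "File not found: $Path"
    }
    $ver  = (Get-Item -LiteralPath $Path).VersionInfo
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $hash = Get-FileHash -LiteralPath $Path -Algorithm SHA256

    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }

    # Version-resource strings can be set to anything by whoever built the file,
    # so a matching CompanyName is a hint only. A valid signature is what ties
    # the file to a publisher.
    $vendorInResource = [bool]($ver.CompanyName -and $ver.CompanyName -like "*$ExpectedVendor*")
    $vendorInSigner   = [bool]($signer -and $signer -like "*$ExpectedVendor*")

    $verdict = if ($sig.Status -eq 'Valid' -and $vendorInSigner) {
        'Valid signature from expected vendor: likely a false positive'
    } elseif ($sig.Status -eq 'Valid') {
        'Valid signature from another publisher: review the signer before deciding'
    } elseif ($sig.Status -eq 'NotSigned') {
        # Drivers are often signed through a catalog file, which some PowerShell
        # versions do not check, so this is inconclusive rather than bad.
        'No embedded signature: inconclusive, submit the hash or file to an online scanner'
    } else {
        "Signature status '$($sig.Status)': treat as suspicious and do not trust the vendor string"
    }

    [pscustomobject]@{
        Path             = $Path
        FileDescription  = $ver.FileDescription
        CompanyName      = $ver.CompanyName
        VendorInResource = $vendorInResource
        SignatureStatus  = $sig.Status
        Signer           = $signer
        SHA256           = $hash.Hash
        Verdict          = $verdict
    }
}

# Path as reported in post #8.
Get-FlaggedFileEvidence -Path 'C:\WINDOWS\system32\drivers\eabfiltr.sys' | Format-List
```

The SHA-256 value can be searched on a multi-engine scanner such as the VirusTotal service linked in the post, which avoids uploading the file itself.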

  10. #10
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Still with us hi2live?
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
