When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
Launch Ewido, there should be an icon on your desktop double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the left hand side of the main screen click update
Then click on Start Update
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido.
http://download.ewido.net/ewido-signatures-full-current.exe
Do
NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download
Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click
Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
General Button > Safety & Settings: Check (Green) all three.
Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Double-click on the SmitRem.exe file. You will now see a screen.
Click on the Start button and the program will start extracting the files into a folder on your desktop called SmitRem. When it is finished, click on the OK button. If you look on your desktop you will now see a folder called
SmitRem..
Go to your desktop and double click on the
FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
Next, please reboot your computer into
Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When your computer has started in safe mode and you see the desktop.
Click on the Start Menu
Click on the Control Panel option.
Double-click on the
Add or Remove Programs icon.
Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entry:
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp1CDC.tmp (file missing)
After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close Hijackthis.
Then search for and DELETE the following file(s)/folder(s) IF PRESENT:
C:\Program Files\
SpyFalcon\ --folder (Do not be concerned if this folder does not exist):
Close all open Windows.
Open the
smitRem folder on your desktop
Double-click on the
RunThis.bat file, to start the tool.
When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.
If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.
Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and SmitRem will prompt you to continue. Now you should press any key to continue.
When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When SmitRem has finished running it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and empty your Recycle Bin in order to remove any leftover files installed by this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will be back at your desktop.
When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned. Please post that log along with all others requested in your next reply.
Open
Ad-aware and do a full scan. Remove all it finds.
Run
Ewido:
Then select "Settings"
Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
Select "OK" and you will return to scanning options.
Click on Complete System Scan and the scan will begin.
This scan can take quite a while to run, so please be patient .
While the scan is in progress, you will be prompted to clean the first infected file it finds.
Choose Clean.
Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Close
Ewido Next go to
Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "
Security Info" or "
Desktop Uninstall" if present.
Reboot your computer back to normal mode.
Please do an online virus scan with
Panda ActiveScan Here. You need to use Internet Explorer for this scan.
Once you get to the Panda site, scroll down a bit and click on Scan your PC
A new window will appear; click on Check Now!
A new window will appear; fill in the boxes (Country, State, email addy)
Click on Scan Now! >
If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
From "Select a device to scan...", choose "My Computer"
Allow the scan to run. It'll take a while.
When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
Please post that report in your next reply. Simply open the text file, then copy/paste the content here. Also, please include a fresh HJT log, your Ewido report, and your Smitrem log. Thanks!
ok well here it goes, panda scan still shows things i dunno.
Logfile of HijackThis v1.99.1 Scan saved at 11:59:27 PM, on 5/18/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Adware:adware/emediacodec Not disinfected c:\windows\system32\stdole3.tlb Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt[.kinghost.com/] Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt[.toplist.cz/] Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ath.belnk[2].txt Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ccbill[2].txt Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@kinghost[2].txt Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@searchportal.information[2].txt Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@target[2].txt Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@webpower[2].txt Spyware:Cookie/Spyfalcon Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@www.spyfalcon[1].txt Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe] Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\smitRem\Process.exe Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\smitRem.exe[smitRem/Process.exe] Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
Your log looks clean. The only thing showing in the Panda log is spyware cookies,
and Ewido will remove those.
You can use CCleaner as a prelude to your protective scans...by removing the junk
on the hard drive it really serves to speed things up.
Download
CCleaner.
Double click on the set up file and allow it to install to the default location. At the
Cclean setup screen & Install options Uncheck the Add Ccleaner Yahoo Tool bar unless you
want it.
Run CCleaner
Before first use, check under Options, Settings, and ensure "Only delete files in
Windows Temp folder older than 48 hours" is unchecked.
Then open it and select the items you wish to clean up.
In the Windows Tab:
I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section if you have it.
Clean any others that you choose.
Then click the "Run Cleaner" button
Reboot and post back to advise if you still get the task bar error message. If so, please
copy the exact wording of the message and paste it here.
1972vet
3.3K Posts
0
May 18th, 2006 21:00
Download FixSF.reg to your desktop by right clicking on the following link and then selecting Save Link As or Save File as, depending on your browser.
http://www.bleepingcomputer.com/files/reg/FixSF.reg
Confirm that the file FixSF.reg now resides on your desktop as we will need it later.
Please download ewido security suite trial version.
- Install Ewido security suite
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- Launch Ewido, there should be an icon on your desktop double-click it.
- The program will now go to the main screen
You will need to update Ewido to the latest definition files.- On the left hand side of the main screen click update
- Then click on Start Update
The update will start and a progress bar will show the updates being installed.If you are having problems with the updater, you can use this link to manually update Ewido.http://download.ewido.net/ewido-signatures-full-current.exe
Do NOT run a scan yet.
If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Please download Ad-Aware SE Personal and install it. If you already have Ad-Aware SE, please configure it as indicated below. If you have a previous version of Ad-Aware, please uninstall your current version and install the newest version SE 1.06.
1) Run Ad-Aware, and click Check for updates now.
2) Select Configurations (click the Gear wheel at the top) as follows:
- General Button > Safety & Settings: Check (Green) all three.
- Tweak Button > Cleaning Engine > UNcheck "Always try to unload modules before deletion".
Don't run it yet! Exit Ad-aware.Download smitRem.exe and save the file to your desktop.
Alternate links:
smitRem.exe
smitRem.exe
Double-click on the SmitRem.exe file. You will now see a screen.
Click on the Start button and the program will start extracting the files into a folder on your desktop called SmitRem. When it is finished, click on the OK button. If you look on your desktop you will now see a folder called SmitRem..
Go to your desktop and double click on the FixSF.reg file that you downloaded earlier. When it asks if you would like to merge the information, press the Yes button and then the OK button.
Next, please reboot your computer into Safe Mode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
When your computer has started in safe mode and you see the desktop.
Click on the Start Menu
Click on the Control Panel option.
Double-click on the Add or Remove Programs icon.
Find the entry for SpyFalcon and double-click on it. Follow the prompts to uninstall the program, but do not allow it to reboot the computer if it asks.
When it has completed uninstalling you can close Add or Remove Programs and your Control Panel.
Run HijackThis, and press "Scan". When the scan is complete place a check mark next to the following entry:
O2 - BHO: Nothing - {f79fd28e-36ee-4989-aa61-9dd8e30a82fa} - C:\WINDOWS\system32\hp1CDC.tmp (file missing)
After checking these items CLOSE ALL open windows EXCEPT HijackThis and click "Fix Checked."
===================================================
Close Hijackthis.
Then search for and DELETE the following file(s)/folder(s) IF PRESENT:
C :\Windows\System32\ dxmpp.dll --file
C:\Windows\System32\ ginuerep.dll --file
C:\Windows\System32\ twain32.dll --file
C:\Windows\System32\ reglogs.dll --file
C:\Windows\System32\ appmagr.dll --file
C:\Program Files\ SpyFalcon\ --folder (Do not be concerned if this folder does not exist):
Close all open Windows.
Open the smitRem folder on your desktop
Double-click on the RunThis.bat file, to start the tool.
When the tool starts you will see a series of screens with information on them. Read each screen, and when you are finished reading it, simply press any key on your keyboard. After reading the various screens that appear, the program will start the removal process.
If there is an uninstaller present for an infection that smitRem removes it will start this uninstaller.
Simply click on the Uninstall button and allow the uninstaller to finish. When it is completed, it will close automatically and SmitRem will prompt you to continue. Now you should press any key to continue.
When no more uninstallers can be found, the tool will continue. Your desktop will disappear and you will start seeing text scroll across the screen. This is normal and nothing to be concerned about. When SmitRem has finished running it will automatically start the Disk Cleanup program.
This program will remove all Temp, Temporary Internet Files, and empty your Recycle Bin in order to remove any leftover files installed by this infection. This process can take up to a few hours depending on your computer, so please be patient. When it is complete, it will close automatically and you will be back at your desktop.
When the tool is finished, it will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or the partition where your operating system is installed. Examining that log should show that the infection was cleaned. Please post that log along with all others requested in your next reply.
Open Ad-aware and do a full scan. Remove all it finds.
Run Ewido:
- Then select "Settings"
- Under the bottom section "What to Scan?" make sure "Scan every file" is checked.
- Select "OK" and you will return to scanning options.
- Click on Complete System Scan and the scan will begin.
- While the scan is in progress, you will be prompted to clean the first infected file it finds.
- Choose Clean.
- Then put a check next to 'Perform action on all infections' . Doing this, enables the scan to proceed automatically until its completion. Click OK
- When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again. The best place to save it would probably be your Desktop.
Close EwidoThis scan can take quite a while to run, so please be patient .
Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck " Security Info" or " Desktop Uninstall" if present.
Reboot your computer back to normal mode.
Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
ovie
4 Posts
0
May 19th, 2006 04:00
ok well here it goes, panda scan still shows things i dunno.
Logfile of HijackThis v1.99.1
Scan saved at 11:59:27 PM, on 5/18/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Program Files\Prevx1\PXAgent.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Prevx1\PXConsole.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\Documents and Settings\Ryan Overstreet\Desktop\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: GoogleAFE - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\GoogleAFE\GoogleAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/v45/yacscom.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1143609149046
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/hpdj/en/check/qdiagh.cab?326
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,1,0,4764/mcfscan.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: IntelWireless - C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
Incident Status Location
Adware:adware/emediacodec Not disinfected c:\windows\system32\stdole3.tlb
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt[.kinghost.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ath.belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ccbill[2].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@kinghost[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@searchportal.information[2].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@target[2].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@webpower[2].txt
Spyware:Cookie/Spyfalcon Not disinfected C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@www.spyfalcon[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\smitRem\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Ryan Overstreet\Desktop\smitRem.exe[smitRem/Process.exe]
Virus:Eicar.Mod Not disinfected C:\Program Files\Trend Micro\Internet Security 12\tmhelp.chm[/PCC12/Test_virus.htm]
ovie
4 Posts
0
May 19th, 2006 04:00
ok heres the last of it. this s*xtracker thing must be why i get so may b.s. emails
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 10:41:38 PM, 5/18/2006
+ Report-Checksum: BF8609FA
+ Scan result:
:mozilla.26:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.60:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.61:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.62:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.63:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup
:mozilla.64:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Ryan Overstreet\Application Data\Mozilla\Firefox\Profiles\xp0m48m9.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@anat.tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@as.casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@banner.paypopup[2].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@data2.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@e-2dj6wjnysgd5ecp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@marthastewart.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@maxim.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@sales.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@stats.adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@volkswagen.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Ryan Overstreet\Cookies\ryan overstreet@www.burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream : Cleaned with backup
C:\WINDOWS\system32\htey.dll -> Trojan.Fakealert : Cleaned with backup
::Report End
1972vet
3.3K Posts
0
May 19th, 2006 11:00
and Ewido will remove those.
You can use CCleaner as a prelude to your protective scans...by removing the junk
on the hard drive it really serves to speed things up.
Download CCleaner.
Double click on the set up file and allow it to install to the default location. At the
Cclean setup screen & Install options Uncheck the Add Ccleaner Yahoo Tool bar unless you
want it.
Run CCleaner
Before first use, check under Options, Settings, and ensure "Only delete files in
Windows Temp folder older than 48 hours" is unchecked.
Then open it and select the items you wish to clean up.
In the Windows Tab:
I recommend cleaning all entries in the "Internet Explorer" section except Cookies.
Clean all the entries in the "Windows Explorer" section
Clean all entries in the "System" section
Clean all entries in the "Advanced" section.
In the Applications Tab:
Clean all except cookies in the Firefox/Mozilla section if you use it.
Clean all in the Opera section if you use it.
Clean Sun Java in the Internet Section if you have it.
Clean any others that you choose.
Then click the "Run Cleaner" button
Reboot and post back to advise if you still get the task bar error message. If so, please
copy the exact wording of the message and paste it here.
Thanks!