Logfile of HijackThis v1.99.1
Scan saved at 6:49:15 PM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
You seem to have SpywareBot installed. This program is suspicious and not recommended, more info here. I strongly recommend that you remove the program through Control Panel, Add/Remove programs. After that, remove its folder, C:\Program Files\SpywareBot
Then you seem to have two antivirus programs installed, eTrust EZ Antivirus and Trend Micro Internet Security 2005.
You should only use one active antivirus on your computer. Running multiple antiviruses may cause all kinds of conflicts.
Please remove or disable one of these antiviruses and leave only one running. Notice that Trend Micro Internet Security 2005 also includes a firewall, so if you decide to remove it you must install a firewall too. In that case, these are good (free) firewalls:
- Kerio
- Sygate
- Outpost
Now you can clean Ewido's Quarantine and disable the guard.
- Open Ewido
- Click Guard
- Click under "resident shield is"
- Change it to inactive
- Click Infections
- Click Quarantine tab
- Click Select all
- Click Remove finally
- Close the program
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked.
Mr_JAk3
159 Posts
0
August 25th, 2006 15:00
I'll check your log and post you back as soon as I can ;)
erobj123
10 Posts
0
August 26th, 2006 04:00
Mr_JAk3
159 Posts
0
August 26th, 2006 04:00
One of the infections is a keylogger (a program that logs keystrokes).
If this system is used for online banking or has credit card information on it, all passwords should be changed immediately by using a different computer (not the infected one!) to make the changes. Banking and credit card institutions, if any, should be notified of the possible security breach.
I suggest that you read this article too.
Then we'll begin the cleaning.
Please create a new folder named HijackThis on your desktop. Move HijackThis.exe to that folder.
You may want to print out these instructions for reference, since you will have to restart your computer during the fix.
Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://www.bleepingcomputer.com/files/lonny/Fixwareout.exe
Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is normal.
At the end of the fix, you may need to restart your computer again.
Finally, please post a fresh HijackThis log, along with the contents of the logfile C:\fixwareout\report.txt
erobj123
10 Posts
0
August 27th, 2006 16:00
Ok, here is the fresh log.
Logfile of HijackThis v1.99.1
Scan saved at 1:59:19 PM, on 8/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {7347862F-8FE1-E62A-E8F8-156054058CB3} - systemdll.dll (file missing)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097511152171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127260434031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple.com/TSWeb/msrdp.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
erobj123
10 Posts
0
August 27th, 2006 17:00
Here is the Fixware report.
Fixwareout ver 1.003
Last edited 8/11/2006
Post this report in the forums please
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tidmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\gib_ogol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\repiwoh
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\llun
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\golmedi
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\23plhps
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\mgcppp
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\tesvaf
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\putesprpgd
...
Microsoft (R) Windows Script Host Version 5.6
Random Runs removed from HKLM
...
PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»» Searching by size/names...
C:\WINDOWS\SYSTEM32\DMDIT.EXE
* csr.exe C:\WINDOWS\System32\CSEFK.EXE
»»»»»
Search five digit cs, dm and jb files.
This WILL/CAN also list Legit Files, Submit them at Virustotal
C:\WINDOWS\SYSTEM32\CSEFK.EXE 51,200 2005-12-31
C:\WINDOWS\SYSTEM32\DMDIT.EXE 44,032 2004-08-04
Other suspects.
Directory of C:\WINDOWS\system32
»»»»» Misc files.
»»»»» Checking for older varients covered by the Rem3 tool.
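The leaf names of the deleted keys in this report read as reversed strings (tidmd reversed is dmdit, the basename of the DMDIT.EXE the same report lists further down). Below is an added Python example, not code from the thread or from Fixwareout, that parses a report in this layout, reverses each deleted key's leaf name and cross-references it with the file paths the report mentions. The excerpt it runs on is constructed from the report above, and the section heading it keys on is the one that appears there.

```python
"""Parse a Fixwareout report and cross-reference deleted registry keys with
the files the report lists.

Added example: not code from the thread or from Fixwareout. SAMPLE_REPORT is
an excerpt constructed from the report posted in the thread; the section
heading the parser keys on is the one that appears in that report.
"""
import re
from typing import Dict, List

SAMPLE_REPORT = r"""
Fixwareout ver 1.003
Reg Entries that were deleted
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\xedocne
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ruins\tidmd
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\32refaselif
...
»»»»» Searching by size/names...
C:\WINDOWS\SYSTEM32\DMDIT.EXE
* csr.exe C:\WINDOWS\System32\CSEFK.EXE
»»»»»
Search five digit cs, dm and jb files.
C:\WINDOWS\SYSTEM32\CSEFK.EXE 51,200 2005-12-31
C:\WINDOWS\SYSTEM32\DMDIT.EXE 44,032 2004-08-04
"""

# One registry key per line: hive, parent path, leaf name.
REG_KEY_RE = re.compile(r"^(HKEY_[A-Z_]+)\\(.+)\\([^\\]+)$")
# Absolute Windows paths ending in an executable extension. Paths containing
# spaces are not handled; the report above has none.
FILE_PATH_RE = re.compile(r"[A-Za-z]:\\\S+?\.(?:exe|dll|sys)\b", re.IGNORECASE)


def deleted_keys(report: str) -> List[Dict[str, str]]:
    """Return the keys under 'Reg Entries that were deleted', each leaf reversed."""
    keys = []
    in_section = False
    for raw in report.splitlines():
        line = raw.strip()
        if line == "Reg Entries that were deleted":
            in_section = True
            continue
        if not in_section:
            continue
        match = REG_KEY_RE.match(line)
        if not match:
            break  # the section ends at the first line that is not a key
        hive, parent, leaf = match.groups()
        keys.append({"hive": hive, "parent": parent, "leaf": leaf,
                     "leaf_reversed": leaf[::-1]})
    return keys


def listed_files(report: str) -> List[str]:
    """Return every absolute executable path mentioned anywhere in the report."""
    return sorted({m.group(0) for m in FILE_PATH_RE.finditer(report)})


def basename_no_ext(path: str) -> str:
    name = path.rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def cross_reference(report: str) -> Dict[str, List[str]]:
    """Map each deleted key's leaf to the listed files whose basename equals the
    leaf read backwards. A hit ties a registry artefact to a file artefact."""
    files = listed_files(report)
    hits = {}
    for key in deleted_keys(report):
        wanted = key["leaf_reversed"].lower()
        matches = [p for p in files if basename_no_ext(p) == wanted]
        if matches:
            hits[key["leaf"]] = matches
    return hits


if __name__ == "__main__":
    for key in deleted_keys(SAMPLE_REPORT):
        print(f"{key['leaf']:>14}  reversed: {key['leaf_reversed']}")
    for leaf, paths in cross_reference(SAMPLE_REPORT).items():
        print(f"{leaf} <-> {', '.join(paths)}")
```

Run on the excerpt it ties the deleted key ruins\tidmd to C:\WINDOWS\SYSTEM32\DMDIT.EXE; the other two leaves reverse to names with no matching file in the excerpt, which is the kind of gap worth noting before deciding what else to look for on the machine.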
erobj123
10 Posts
0
August 28th, 2006 17:00
Mr_JAk3
159 Posts
0
August 29th, 2006 02:00
I noticed that you have WeatherBug software installed. This program has a suspicious reputation and I strongly recommend that we remove it.
I have marked these entries in my instructions with BLUE, so if you really want to keep this program, skip the blue steps.
You should print these instructions or save them to a text file. Follow these instructions carefully.
Download and install ewido anti-spyware 4.0
Download ATF Cleaner by Atribune to your desktop.
Do NOT run yet.
Then, make your hidden files visible:
- Go to My Computer
- Select the Tools menu and click Folder Options
- Click the View tab.
- Checkmark "Display the contents of system folders"
- Under Hidden files and folders select "Show hidden files and folders"
- Uncheck "Hide protected operating system files"
- Click Apply and then OK, and close My Computer.
Open Control Panel -> Add/Remove programs -> Remove all of the following programs if found:
WeatherBug
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - {7347862F-8FE1-E62A-E8F8-156054058CB3} - systemdll.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
Now let's check some settings on your system.
(2000/XP) Only
In the Windows Control Panel, if you are using Windows XP's Category View, select the Network and Internet Connections category; otherwise double-click on Network Connections. Then right-click on your default connection, usually Local Area Connection for cable and DSL, and left-click on Properties. Click the Networking tab. Double-click on the Internet Protocol (TCP/IP) item and select the radio dial that says Obtain DNS servers automatically.
Press OK twice to get out of the properties screen and reboot if it asks.
That option might not be available on some systems.
Next go to Start, Run, type cmd and hit OK.
Type
ipconfig /flushdns
then hit Enter, then type exit and hit Enter
(that space between g and / is needed)
Restart your computer to the safe mode:
- Restart your computer
- Start tapping the F8 key when the computer restarts.
- When the start menu opens, choose Safe mode
- Press Enter. The computer then begins to start in Safe mode.
Go to My Computer and delete the following folders (if present):
C:\Program Files\WeatherBug
Go to My Computer and delete the following files (if present):
C:\WINDOWS\SYSTEM32\DMDIT.EXE
C:\WINDOWS\System32\CSEFK.EXE
Use the Windows search
- Start
- Search
- All files and folders
- More advanced options
Checkmark these options:
- "Search system folders"
- "Search hidden files and folders"
- "Search subfolders"
Search for this and delete if found: systemdll.dll
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
NOTE: The following will clear all of your cookies, forms and history from Firefox. Feel free to skip this step.
If you use the Firefox browser
- Click Firefox at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
NOTE: The following will clear all of your cookies, forms and history from Opera. Feel free to skip this step.
If you use the Opera browser
- Click Opera at the top and choose: Select All
- Click the Empty Selected button.
- NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Now scan your computer with Ewido.
- Open Ewido
- Click on the Scanner icon at the top of the window
- Click on the Settings tab, then select Recommended Options and choose Quarantine
- Click on the Scan tab
- Select Complete System Scan. Ewido will now begin to scan your system
- When the scan has completed, if infections were found, press Apply all actions.
- Then click on the Save Scan Report button and save the scan to your Desktop where it can be easily found
- Copy and paste the scan results into your next post.
When you're ready, post the following logs to here:
- Ewido's report
- a fresh HijackThis log
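The two O17 lines in the fix list above point both control sets of the same interface at hard-coded resolvers in 85.255.x.x instead of the DHCP-assigned ones, which is why the post resets DNS to automatic and flushes the cache. The following is an added Python example, not code from the thread or from HijackThis, that parses O17 entries out of a HijackThis log and flags NameServer values falling inside a watch-listed network. The sample lines are copied from the log posted in the thread; the watch list is an assumption of this example, seeded with the /20 that contains both addresses in that log.

```python
"""Parse HijackThis O17 (TCP/IP NameServer) entries and flag hard-coded
resolvers that fall inside a watch-listed network.

Added example: not code from the thread or from HijackThis. SAMPLE_LOG holds
lines copied from the log posted in the thread; WATCHLIST is an assumption of
this example, seeded with the /20 that contains both resolver addresses seen
there. Extend it with whatever ranges your own analysis treats as rogue.
"""
import ipaddress
import re
from typing import Dict, List

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
O17 - HKLM\System\CS1\Services\Tcpip\..\{1C9C6DF7-852C-4621-9E36-434CBBB90EC2}: NameServer = 85.255.116.82,85.255.112.235
"""

# Assumption: networks treated as rogue resolvers for this example.
WATCHLIST = [ipaddress.ip_network("85.255.112.0/20")]

# O17 lines: registry key (CCS = CurrentControlSet, CSn = ControlSet00n),
# the setting name, and its comma-separated value.
O17_RE = re.compile(
    r"^O17 - (?P<key>HKLM\\System\\(?:CCS|CS\d+)\\Services\\Tcpip\\[^:]+): "
    r"(?P<setting>NameServer|Domain|SearchList) = (?P<value>.*)$"
)
GUID_RE = re.compile(r"\{[0-9A-Fa-f-]+\}")


def parse_o17(log_text: str) -> List[Dict[str, object]]:
    """Return one record per O17 line; other HijackThis sections are ignored."""
    records = []
    for raw in log_text.splitlines():
        match = O17_RE.match(raw.strip())
        if not match:
            continue
        guid = GUID_RE.search(match.group("key"))
        records.append({
            "key": match.group("key"),
            "guid": guid.group(0) if guid else None,  # None for \Parameters keys
            "setting": match.group("setting"),
            "values": [v.strip() for v in match.group("value").split(",") if v.strip()],
        })
    return records


def flag_nameservers(records, watchlist=WATCHLIST) -> List[Dict[str, object]]:
    """One finding per NameServer value inside a watch-listed network.
    A value that is not an IP address at all is reported as a finding too."""
    findings = []
    for rec in records:
        if rec["setting"] != "NameServer":
            continue
        for value in rec["values"]:
            try:
                addr = ipaddress.ip_address(value)
            except ValueError:
                findings.append({"guid": rec["guid"], "server": value,
                                 "reason": "not an IP address"})
                continue
            nets = [str(net) for net in watchlist if addr in net]
            if nets:
                findings.append({"guid": rec["guid"], "server": value,
                                 "reason": f"in watch-listed network {nets[0]}"})
    return findings


def summarize(log_text: str, watchlist=WATCHLIST) -> Dict[str, object]:
    """Parse, flag, and list the interface GUIDs that had at least one hit."""
    records = parse_o17(log_text)
    findings = flag_nameservers(records, watchlist)
    interfaces = sorted({f["guid"] for f in findings if f["guid"]})
    return {"o17_entries": len(records), "findings": findings, "interfaces": interfaces}


if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(f"O17 entries parsed: {report['o17_entries']}")
    for finding in report["findings"]:
        print(f"  {finding['guid']}: {finding['server']} ({finding['reason']})")
```

Run stand-alone it reports four hits (two resolvers in each of the two control sets) on one interface GUID. The same parser applied to the fresh log requested above gives the check that matters: after DNS is set back to automatic and the machine rebooted, those addresses should no longer appear in any O17 line.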
erobj123
10 Posts
0
August 29th, 2006 21:00
erobj123
10 Posts
0
August 29th, 2006 21:00
ewido anti-spyware - Scan Report
---------------------------------------------------------
:mozilla.11:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.5:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10011.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10012.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10003.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10004.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10007.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10009.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10004.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10005.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10011.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10003.qit -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10000.qit -> TrackingCookie.7search : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10000.qit -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10000.qit -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
:mozilla.17:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.18:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\06-08-2006-16-08-40\10001.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\06-08-2006-16-08-40\10005.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10001.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10000.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10001.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10001.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10000.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10001.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10000.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10002.qit -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\06-08-2006-16-08-40\10002.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\06-08-2006-16-08-40\10007.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10003.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10001.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10002.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-08-2006-08-01-27\10000.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10001.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10002.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\23-07-2006-15-16-34\10000.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10001.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10003.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10000.qit -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\06-08-2006-16-08-40\10004.qit -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10003.qit -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10004.qit -> TrackingCookie.Bridgetrack : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10002.qit -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10003.qit -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10004.qit -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10005.qit -> TrackingCookie.Clickzs : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10004.qit -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
:mozilla.19:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10006.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10003.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10006.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\23-07-2006-15-16-34\10001.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10002.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10005.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10002.qit -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10007.qit -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10008.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10009.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10005.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10003.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10004.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10006.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10007.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10009.qit -> TrackingCookie.Fastclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10005.qit -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10008.qit -> TrackingCookie.Goclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10007.qit -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10008.qit -> TrackingCookie.Hitbox : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10009.qit -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-06-2006-16-37-07\10001.qit -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10002.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10006.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10011.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10008.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\24-08-2006-16-47-11\10003.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10010.qit -> TrackingCookie.Mediaplex : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10005.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10006.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10008.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-06-2006-16-37-07\10002.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10012.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10004.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10005.qit -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10012.qit -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10013.qit -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10009.qit -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10013.qit -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.21:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.22:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.23:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10004.qit -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10002.qit -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\21-07-2006-04-59-17\10007.qit -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10006.qit -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10014.qit -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\16-08-2006-20-42-20\10007.qit -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10014.qit -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10015.qit -> TrackingCookie.Sexlist : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10016.qit -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10017.qit -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10018.qit -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10019.qit -> TrackingCookie.Sextracker : Cleaned with backup (quarantined).
:mozilla.27:C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\cookies.txt -> TrackingCookie.Specificclick : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\23-07-2006-15-16-34\10002.qit -> TrackingCookie.Spylog : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10015.qit -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\15-07-2006-19-44-58\10010.qit -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10016.qit -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\23-07-2006-15-16-34\10003.qit -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\26-08-2006-05-28-12\10014.qit -> TrackingCookie.Webtrendslive : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\19-08-2006-02-54-20\10020.qit -> TrackingCookie.Xxxcounter : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10017.qit -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\09-07-2006-11-43-06\10018.qit -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\10-08-2006-22-12-07\10009.qit -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10007.qit -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\Program Files\SpywareBot\Quarantine\27-07-2006-16-21-10\10008.qit -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dial32.exe -> Trojan.Dialer.ay : Cleaned with backup (quarantined).
::Report end
erobj123
10 Posts
0
August 29th, 2006 21:00
Scan saved at 6:49:15 PM, on 8/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Robinson\Application Data\Mozilla\Profiles\default\85b7r0oo.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [DLCCCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll,_RunDLLEntry@16
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1842B0EE-B597-11D4-8997-00104BD12D94} (iCC Class) - http://www.pcpitstop.com/internet/pcpConnCheck.cab
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpobjinstaller_gmn.cab
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-48.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1097511152171
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1127260434031
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9059F30F-4EB1-4BD2-9FDC-36F43A218F4A} (Microsoft RDP Client Control (redist)) - http://www.taxsimple.com/TSWeb/msrdp.cab
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} (CoAxTrack Class) - http://ns-radio.netscape.com/radio/cabs/ampx.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O16 - DPF: {E9348280-2D74-4933-BE25-73D946926795} (DeviceEnum Class) - http://h20270.www2.hp.com/ediags/gmn/install/hpbasicdetection3.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\isafe.exe
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
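A HijackThis log like the one above is read entry by entry; as an added example (not HijackThis code and not anything posted by this thread's helpers), here is a small Python triage helper that parses the O16 and O23 entry formats, tallies entries per section code, and lists the entries a reviewer would check first: an ActiveX .cab downloaded from a bare IP address and a service reported with no vendor string. The sample lines are constructed from the formats in the log, and the regexes and the "bare IP" heuristic are assumptions of this example, a reading aid rather than a malware verdict.

```python
import re
from ipaddress import ip_address
from urllib.parse import urlparse

# Constructed sample modelled on the O4/O16/O23 lines of the thread's log, not the full log.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {D68217F4-1DF9-45C1-BFA6-61DBD5464527} (Genealogy Browser) - http://66.119.139.74/cabs/zinst.cab
O23 - Service: dlcc_device - - C:\WINDOWS\system32\dlcccoms.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

SECTION_RE = re.compile(r"^([A-Z]\d+) - ")
# O16: {CLSID} [(display name)] - download URL of the ActiveX .cab (regex is this example's assumption)
O16_RE = re.compile(r"^O16 - DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*)\))? - (\S+)$")
# O23: service name - vendor string (absent when none was reported, shown as "- -") - binary path
O23_RE = re.compile(r"^O23 - Service: (.+?) -(?: (.*?))? - (.+)$")

def is_ip(host):
    """True when a URL host is a literal IP address instead of a DNS name."""
    try:
        ip_address(host)
        return True
    except ValueError:
        return False

def count_sections(text):
    """Tally entries per HijackThis section code (O4, O16, O23, ...)."""
    counts = {}
    for line in text.splitlines():
        m = SECTION_RE.match(line.strip())
        if m:
            counts[m.group(1)] = counts.get(m.group(1), 0) + 1
    return counts

def review(text):
    """Return (line, reason) pairs for the entries a reviewer would examine first."""
    findings = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = O16_RE.match(line)
        if m:  # a .cab pulled from a bare IP has no domain to check a reputation for
            if is_ip(urlparse(m.group(3)).hostname or ""):
                findings.append((line, "ActiveX control downloaded from a bare IP address"))
            continue
        m = O23_RE.match(line)
        if m and not (m.group(2) or "").strip():  # "- -" means no vendor was reported
            findings.append((line, "service has no vendor/company string"))
    return findings
```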
Mr_JAk3
159 Posts
0
September 2nd, 2006 14:00
You seem to have SpywareBot installed. This program is suspicious and not recommended, more info here
I strongly recommend that you remove the program through Control Panel, Add/Remove Programs. After that, remove its folder, C:\Program Files\SpywareBot
Then you seem to have two antivirus programs installed, eTrust EZ Antivirus and Trend Micro Internet Security 2005.
You should only use one active antivirus on your computer. Running multiple antiviruses may cause all kinds of conflicts.
Please remove or disable one of these antiviruses and leave only one running. Notice that the Trend Micro Internet Security 2005 also includes a firewall so if you decide to remove it you must install one firewall too. In that case, these are good (free) firewalls:
- Kerio
- Sygate
- Outpost
Now you can clean Ewido's Quarantine and disable the guard.
Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked.
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
Now you can remove FixWareout.
Then you should update your Java to the latest version (5.0 update 8).
Now you can make your hidden files hidden again.
How is the computer running now?
Mr_JAk3
159 Posts
0
September 7th, 2006 04:00
erobj123
10 Posts
0
September 7th, 2006 15:00
Mr_JAk3
159 Posts
0
September 7th, 2006 16:00
Please post back when you're ready :)
Mr_JAk3
159 Posts
0
September 13th, 2006 17:00
Otherwise, now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Update it and scan your computer regularly with it.
Download and install Spybot S&D. Update it and scan your computer regularly with it.
SpywareBlaster will prevent spyware from being installed.
This prevents your computer from connecting to harmful sites.
Firefox is a faster, safer and better browser than Internet Explorer.
Visit Windows Update regularly.
Scan your computer regularly with your antivirus.
So how did I get infected in the first place?