I Need Major Help With Deleting This Keylogger Type Thing

My step-dad clicked a friggin pop-up and it dl’ed this crazy file on to my computer. It does that stupid thing that says Deleting C Drive, gives me alotta pron pop ups and logs all my passwords, cc numbers and everything… It also has a TAC rating of 7, so that’s bad. The file is called: C:\WINDOWS\system32
compat.tlb
It will not delete, and when I go in manually to delete it, the file is not found. Ad-aware will not delete it either. I am trying Easycleaner 2.0 to see if it’ll delete it right now. But, do you have any suggestions as to what to do? Thank you all!

try using ewido from Here

or

A Squared from HERE

or

The Cleaner from HERE

update them and scan your PC

Thank you a lot! I’ll check em out

You need to get hold of some antivirus software (most will stop this file)

BUT to start with take a read of this Hijack This fix. It is long and goes into fixing the problems you have with someone else so should help. http://forums.techguy.org/security/427064-hj-logfile.html

Best advice I can give though is to change browser from IE to Mozilla as it has slightly less chance of falling for these tricks but it's a bit late now.


ewido anti-malware - Scan report

  • Created on: 5:27:10 PM, 1/6/2006

  • Report-Checksum: 39D04028

  • Scan result:


::Report End

Wow, Easycleaner 2.0 is minor league compared to this! Thanks Bjproc!

Also, download the others, and run them.

Did that do an auto clean once it located the bad files? Just curious how it compares to SPYBOT! I guess I need to try it too!

Also do any of these load spies on your computer? Just curious!

These programs are clean, AFAIK.

it cleans them but you have to go to the Quarantine tab to remove them permanently. (Ewido)

They're all malware scanners.

Thanks man! I love this forum!