Hijack Log


  • This topic is locked
12 replies to this topic

#1 idjutt


Posted 13 February 2006 - 12:11 PM

analyze this log? Appreciate it. Thanks SO MUCH,
Idjutt

Logfile of HijackThis v1.99.1
Scan saved at 9:02:39 AM, on 2/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\BHROOT\bin\nt611svc.exe
C:\BHROOT\bin\eventsrv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\opt\MBCASE\pm\bin\mcp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\BHROOT\bin\portmap.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\BHROOT\bin\dbmang.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\QuickTime\qttask.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\svchost.exe
C:\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Quickenw\Qwdlls.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\Program Files\sdr Software\POS5 (AutoRepair)\POS5.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\ROSS PRICE\Desktop\StartupList.exe
C:\Documents and Settings\ROSS PRICE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.1.53/hold...m-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/comctl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bell & Howell Product License Manager - GLOBEtrotter Software Inc. - C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\bin\nt611svc.exe
O23 - Service: Bell & Howell Event Service (BHEventService) - Bell & Howell Publications Systems - C:\BHROOT\bin\eventsrv.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell PSC - C:\BHROOT\bin\dbmang.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell PSC - C:\BHROOT\bin\portmap.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe


#2 John L


Posted 16 February 2006 - 10:57 PM

Hello idjutt :thumbsup:

Thanks for the patience. This is what I want you to do, please.

This is what I want you to do first, please.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.

Then an online scan.

Please do an online virus scan with Panda ActiveScan Here. You need to use Internet Explorer for this scan.
  • Once you get to the Panda site, scroll down a bit and click on Scan your PC
  • A new window will appear; click on Check Now!
  • A new window will appear; fill in the boxes (Country, State, email addy)
  • Click on Scan Now! >
    If you have never used ActiveScan before, you will be prompted to install an ActiveX control (asinst.cab) : click on Install. Panda will install the component, and then install the latest signature files.
  • From "Select a device to scan...", choose "My Computer"
  • Allow the scan to run. It'll take a while.
  • When complete, click on "See Report", and then on "Save report"; save it to a convenient location.
  • I will need you to post that report in your next reply; simply open the text file, then copy/paste the content here.
When these are complete, show me the logs they generate and a new hijack log as well please. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.


#3 idjutt


Posted 17 February 2006 - 02:07 PM

Thank you very much, JohnL.
I'll get right on it! :thumbsup:

#4 idjutt


Posted 17 February 2006 - 05:07 PM

Hello again.
Here are the logs you asked to view, John L.
Thanks again!

Logfile of HijackThis v1.99.1
Scan saved at 1:49:31 PM, on 2/17/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\BHROOT\bin\nt611svc.exe
C:\BHROOT\bin\eventsrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
c:\program files\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Iomega\Iomega Backup\dtsc.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\BHROOT\bin\portmap.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\BHROOT\bin\dbmang.exe
C:\Program Files\Quickenw\Qwdlls.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\sdr Software\POS5 (AutoRepair)\POS5.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\ROSS PRICE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.1.53/hold...m-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/comctl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bell & Howell Product License Manager - GLOBEtrotter Software Inc. - C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\bin\nt611svc.exe
O23 - Service: Bell & Howell Event Service (BHEventService) - Bell & Howell Publications Systems - C:\BHROOT\bin\eventsrv.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell PSC - C:\BHROOT\bin\dbmang.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell PSC - C:\BHROOT\bin\portmap.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

ACTIVE SCAN results:

Incident Status Location

Adware:adware/cws.008k Not disinfected C:\WINDOWS\iedb.dll
Adware:adware/sidesearch Not disinfected C:\Documents and Settings\ROSS PRICE\Application Data\Lycos
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@advertising[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@zedo[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@tribalfusion[2].txt
Spyware:Cookie/go Not disinfected C:\Program Files\EarthLink 5.0\rp3attheaz@earthlink.net\Cookies\anyuser@go[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@ad.yieldmanager[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@zedo[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@tribalfusion[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@statse.webtrendslive[2].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROSS PRICE\Cookies\ross price@advertising[1].txt




---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 12:19:35 PM, 2/17/2006
+ Report-Checksum: BD22E06

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{622A8F48-1987-BE0C-846F-5F54337E3897} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{001C0628-4726-F204-3F0F-77067AD8EEC5} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0032CCFA-D80B-DABE-C53B-7E94CD4E0B9D} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{004CAE59-A6ED-EFA4-22CF-1C6730C6A2D5} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0059410E-8DEE-0D98-C3BC-33C7339C21E9} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0061A6A3-22A7-89C0-EBA9-4070623258CA} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{008A3C3B-9249-57B4-CBC9-55AB9E690943} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A7FBB1-F3E5-BA11-ADCA-7115E5F5414B} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0153C66D-95CF-3228-7428-EABD9A94BC7F} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01760CDC-D77E-6490-7E10-7131683D9C12} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01DD3C0B-760F-349E-147E-03404280DA8F} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{01E9ECB4-091B-FBA9-07B7-64920B906A95} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{021452ED-D066-A237-4628-77E375BB194B} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02B1DD18-286C-7339-2831-1E97FFBF8C58} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02B42C0C-B9CA-3C8D-115E-05A0FD1CD27A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{033A4B3F-C3C4-DF85-2CF4-A9AA3F796315} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0380FD4D-5AF3-013B-AA2D-C22CDCAC6838} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-299502267-1580818891-854245398-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{04324C8A-2846-9CDA-7AE9-6D0D763453AE} -> Adware.CoolWebSearch : Cleaned with backup

#5 John L


Posted 18 February 2006 - 02:39 PM

Hello again :thumbsup:

You have some interesting stuff in here that I am not too familiar with, so we have to have that checked out. I need some files analyzed to see what they show us.

Jotti File Submission:
  • Please go to Jotti's malware scan
  • Copy and paste the following file path into the "File to upload & scan" box on the top of the page:
    • C:\opt\MBCASE\pm\bin\cmserver.exe
  • Click on the submit button
  • Please post the results in your next reply.
I need a couple more done when you're there, please.

C:\BHROOT\bin\eventsrv.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\sdr Software\POS5 (AutoRepair)\POS5.exe


When I see the results we can move on. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.
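
A location-based triage of the "Running processes" section of a HijackThis log, added here as an example; it is not part of the original posts and not the helper's own selection method. The standard-directory list, the C: system drive, the `PROGRA~1` short-name mapping and all function names are assumptions, and the sample log is constructed from paths that appear in this thread.

```python
import ntpath
import re

# Constructed sample: a shortened HijackThis-style log built from paths seen in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:28:13 AM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\BHROOT\bin\eventsrv.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\Program Files\sdr Software\POS5 (AutoRepair)\POS5.exe
C:\Documents and Settings\ROSS PRICE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
"""

ENTRY_RE = re.compile(r"^[A-Z]\d{1,2} - ")   # section entries such as "R1 - " or "O4 - "
PATH_RE = re.compile(r"^[A-Za-z]:\\")        # a drive-letter path

# Assumptions: system drive is C: and the install uses the default XP layout.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\")
SYSTEM32 = "c:\\windows\\system32"
CORE_NAMES = {"smss.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "svchost.exe", "spoolsv.exe"}


def parse_running_processes(log_text):
    """Return the paths listed under 'Running processes:' in log order."""
    procs, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not in_section:
            in_section = line.lower() == "running processes:"
            continue
        # The section ends at the first registry/entry line or the blank line after it.
        if ENTRY_RE.match(line) or (not line and procs):
            break
        if PATH_RE.match(line):
            procs.append(line)
    return procs


def normalize(path):
    """Lower-case the path and expand the PROGRA~1 short name (assumed mapping)."""
    norm = ntpath.normpath(path).lower()
    return norm.replace("\\progra~1\\", "\\program files\\")


def triage(log_text):
    """Return (path, reason) pairs for processes worth a second-opinion scan."""
    findings, seen = [], set()
    for path in parse_running_processes(log_text):
        norm = normalize(path)
        if norm in seen:          # the log lists one line per process instance
            continue
        seen.add(norm)
        folder, name = ntpath.split(norm)
        if name in CORE_NAMES and folder != SYSTEM32:
            findings.append((path, "core Windows process name outside system32"))
        elif not norm.startswith(STANDARD_ROOTS):
            findings.append((path, "outside Windows and Program Files"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LOG):
        print(f"{path}  <-  {reason}")
```

A path check like this only narrows the list: POS5.exe, which the helper also asked to have scanned, sits under Program Files and is not flagged, and a flagged path is a candidate for scanning, not a verdict.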


#6 idjutt


Posted 21 February 2006 - 11:15 AM

OK. I ran all those through Jotti and they all came back: OK- Found nothing. :thumbsup:
Thanks John L.
Idjutt

#7 John L


Posted 21 February 2006 - 09:24 PM

Ok good :thumbsup:

Since it's been a couple of days, can you send me another hijack log please? :flowers:

#8 idjutt


Posted 23 February 2006 - 02:30 PM

Oops.
Sorry, John L.

I didn't expect you to reply so fast. :thumbsup:

THANKS!!! :flowers:


Here's the current log:



Logfile of HijackThis v1.99.1
Scan saved at 11:28:13 AM, on 2/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\BHROOT\bin\nt611svc.exe
C:\BHROOT\bin\eventsrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\opt\MBCASE\pm\bin\mcp.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\BHROOT\bin\portmap.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\BHROOT\bin\dbmang.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Messenger\msmsgs.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Quickenw\Qwdlls.exe
C:\Program Files\WinZip\Wzqkpick.exe
C:\Program Files\sdr Software\POS5 (AutoRepair)\POS5.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\PROGRAM FILES\YAHOO!\BROWSER\YCOMMON.EXE
C:\Program Files\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\Documents and Settings\ROSS PRICE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
R3 - Default URLSearchHook is missing
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.1.53/hold...m-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/comctl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bell & Howell Product License Manager - GLOBEtrotter Software Inc. - C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\bin\nt611svc.exe
O23 - Service: Bell & Howell Event Service (BHEventService) - Bell & Howell Publications Systems - C:\BHROOT\bin\eventsrv.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell PSC - C:\BHROOT\bin\dbmang.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell PSC - C:\BHROOT\bin\portmap.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

#9 John L


Posted 23 February 2006 - 10:32 PM

Hello again :thumbsup:

This is what I need you to do.

Fire up hijack this, press scan only and place checks next to these.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R3 - Default URLSearchHook is missing
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)


Close all browsers and click fix on hijack this, reboot and show me a new log please. :flowers:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.
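
An added example, not part of the original posts: Python code that parses a HijackThis log and cross-checks O23 services marked "(file missing)" against the Running processes list, because in the 2/23/2006 log above the three flagged services point at c:\opt\MBCASE\pm\bin\mcp while c:\opt\MBCASE\pm\bin\mcp.exe is listed as running. The function names and the ExampleOrphan line are constructed for illustration; the other sample lines are trimmed from that log.

```python
import re

# Lines trimmed from the 2/23/2006 HijackThis log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:28:13 AM, on 2/23/2006

Running processes:
C:\WINDOWS\system32\services.exe
C:\BHROOT\bin\eventsrv.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\opt\MBCASE\pm\bin\cmserver.exe

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\bin\nt611svc.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
"""

# Constructed line (not from the thread) so the "stale" branch is exercised.
CONSTRUCTED = ("O23 - Service: ExampleOrphan - Unknown owner - "
               "C:\\example\\gone.exe (file missing)\n")

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")  # e.g. "R1 - ...", "O23 - ..."
MISSING = " (file missing)"


def parse_log(text):
    """Return (running_processes, entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in text.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:
            in_procs = False          # blank line ends the process list
        elif in_procs:
            processes.append(line)
        else:
            m = ENTRY_RE.match(line)
            if m:
                entries.append((m.group(1), m.group(2)))
    return processes, entries


def missing_services(entries):
    """O23 services that HijackThis marked '(file missing)'."""
    found = []
    for code, body in entries:
        if code != "O23" or not body.endswith(MISSING):
            continue
        # Body layout: "Service: <name> - <owner> - <image path> (file missing)"
        parts = body[len("Service: "):-len(MISSING)].rsplit(" - ", 2)
        if len(parts) == 3:
            found.append({"name": parts[0], "owner": parts[1],
                          "path": parts[2].strip()})
    return found


def triage(text):
    """Split file-missing services into (stale, review) lists of names.

    A service whose image path, as written or with '.exe' appended, matches
    a running process is not an orphan: the registered path only lacks the
    extension, so it is set aside for review instead of removal.
    """
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}   # Windows paths ignore case
    stale, review = [], []
    for svc in missing_services(entries):
        path = svc["path"].lower()
        bucket = review if {path, path + ".exe"} & running else stale
        bucket.append(svc["name"])
    return stale, review


if __name__ == "__main__":
    stale, review = triage(SAMPLE_LOG + CONSTRUCTED)
    print("no matching process:", stale)
    print("matches a running process, review first:", review)
```

Short (8.3) path forms such as PROGRA~1 are compared as written, so a service registered under a short path will not match a process listed under its long path.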


#10 idjutt


Posted 27 February 2006 - 11:55 AM

Hi, John L.
Thanks for the fast reply (AGAIN!). I didn't have time to check the comp as I was by myself last week.

Here's the current log after removing items you requested.

Logfile of HijackThis v1.99.1
Scan saved at 8:22:26 AM, on 2/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
C:\BHROOT\bin\nt611svc.exe
C:\BHROOT\bin\eventsrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\BHROOT\bin\portmap.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\BHROOT\bin\dbmang.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\VSO\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\McAfee.com\VSO\oasclnt.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Iomega\Iomega Backup\dtsc.exe
C:\Program Files\Quickenw\Qwdlls.exe
C:\Program Files\WinZip\Wzqkpick.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Documents and Settings\ROSS PRICE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.yahoo.com/search/ie.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by SBC Yahoo! DSL
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Iomega Backup Scheduler.lnk = C:\Iomega\Iomega Backup\dtsc.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\QUICKENW\QWDLLS.EXE
O4 - Global Startup: Billminder.lnk = C:\Program Files\QUICKENW\BILLMIND.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.4.1.53/hold...m-ob-assets.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0713E8D2-850A-101B-AFC0-4210102A8DA7} (Microsoft ProgressBar Control, version 5.0 (SP2)) - http://download.mcafee.com/molbin/shared/comctl32.cab
O16 - DPF: {0C568603-D79D-11D2-87A7-00C04FF158BB} (BrowseFolderPopup Class) - http://download.mcafee.com/molbin/Shared/MGBrwFld.cab
O16 - DPF: {231B1C6E-F934-42A2-92B6-C2FEFEC24276} (yucsetreg Class) - C:\Program Files\Yahoo!\common\yucconfig.dll
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://bin.mcafee.com/molbin/shared/mcinsc...84/mcinsctl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005102...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotion...ctor/WebAAS.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/mcgdmg...,21/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {DA28C54E-D95C-11D3-9A01-005004677EF4} - http://download.mcafee.com/molbin/clinic/CDM/McCDM.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbc/TrueInstallSBC.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{607AE752-A7E1-4F5A-BBBE-9D617E971CC7}: NameServer = 206.13.28.12,206.13.31.12
O23 - Service: Autodata Limited License Service - Autodata Limited - C:\Program Files\Common Files\Autodata Limited Shared\Service\ADCDLicSvc.exe
O23 - Service: Bell & Howell Product License Manager - GLOBEtrotter Software Inc. - C:\PROGRA~1\BHPS\lic\\bin\lmgrd.exe
O23 - Service: bh611 - Bell& Howell - C:\BHROOT\bin\nt611svc.exe
O23 - Service: Bell & Howell Event Service (BHEventService) - Bell & Howell Publications Systems - C:\BHROOT\bin\eventsrv.exe
O23 - Service: Bell & Howell Database Manager (dbmang) - Bell & Howell PSC - C:\BHROOT\bin\dbmang.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: ONC/RPC Portmapper (portmapper) - Bell & Howell PSC - C:\BHROOT\bin\portmap.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

#11 John L


Posted 28 February 2006 - 09:11 PM

Hello again :thumbsup:

Well, all that's left for me to say: this log is clean!!!!! Congrats :flowers:

Since your issues have been addressed and you are ready to travel the net again, I will just give you a few ideas on how to stay safe out there. Best of all these programs are all readily available on the net for free :huh:

To reduce the potential for spyware infection in the future, I strongly recommend installing SpywareBlaster and SpywareGuard.

SpywareBlaster and SpywareGuard are by JavaCool and both are free programs. SpywareBlaster will prevent spyware from being installed and consumes no system resources. SpywareGuard offers realtime protection from spyware installation attempts.

More info and download is available at:

Spyware Blaster Spyware Guard

Might I suggest the following Free Spyware programs for added security, you can download them at the following links. These programs work great for detection:

Ad-aware SE--Adaware Tutorial

Spybot S&D--Spybot Tutorial

Antiviruses play an important role in keeping your computer safe and worry free while using the net. *NOTE* Only one antivirus must be allowed to run on your computer, as having two or more running can and will cause conflicts.

AVG Avast

Firewalls are also a must in any good prevention :

Zone Alarm Tiny Personal Firewall

There are different browsers available on the net, other than Internet Explorer, we believe!! these are better for security purposes :

Firefox Opera

You must stay on top of your updates at all times, for the above mentioned applications.

It is vitally important to stay on top of your critical updates provided by Microsoft.

This can be accessed by going to Windows Updates and following the prompts.

To add to the performance of your computer, I suggest a weekly maintenance program. Run this tool: Ccleaner

Lastly a second opinion on the Antivirus that you have chosen. I suggest running these online virus scans periodically, just to make sure that the av is doing a proper job, of keeping you safe :

Housecall Online Scan Panda Activescan

Housecall Java Online Scan<---For those who use Firefox

And finally a little "How did I get infected in the first place?" (by Mr. Tony Klein)

Good luck and safe surfing :huh:
Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.


#12 idjutt


Posted 01 March 2006 - 11:41 AM

:thumbsup:

Thanks, so very much, for all your time and consideration to my plea!
I shall address your suggestions, asap.
THANK YOU, JOHN L!! :flowers:

JonnyO

#13 John L


Posted 02 March 2006 - 05:54 PM

Glad I could help. Safe surfing :thumbsup:

Edited by John L, 02 March 2006 - 05:54 PM.

Please be patient

Please do not private message me, they will be ignored. If you have a question post it on the board.




