
Infected With Coolwwwsearch


  • This topic is locked
44 replies to this topic

#1 Ray Lambert


Posted 10 April 2006 - 08:06 PM

Using:
Windows XP SP2
Verizon DSL via Wireless Link
ZA Firewall/Spyware
Norton Antivirus
Spybot S&D
Ad-Aware SE

Very similar problems to those recently posted by RoseKidcats and worked by analyst BMThor.

Desired home page in Internet Explorer cannot be maintained. The home page autonomously becomes About Blank and displays a large list of links to sites under various major topical headings.

Spybot identifies multiple CoolWWWSearch.----- identities and will remove most but not all of these processes. There are always one or two items that are not removed. Following a "fix" attempt the following message is posted: "Some problems could not be fixed; the reason could be the associated files are still in use(in memory). This could be fixed after restart." The problem is never fixed and all the CoolWWWSearch problems are repopulated.

The following two locations are not removed:

CoolWWWSearch.HomeSearch
Root Class
HKEY_LOCAL_MACHINE\Software\Classes\NVideoCodec.Chi

CoolWWWSearch.Feet2DLL
Browser helper object
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\BrowserHelperObject\{2B33EA89-1D32-F522-553E-7D97ADB095BC}

Your help is appreciated,
Ray Lambert

Logfile of HijackThis v1.99.1
Scan saved at 8:05:14 PM, on 4/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [apixr32.exe] C:\WINDOWS\apixr32.exe
O4 - HKLM\..\Run: [msgp32.exe] C:\WINDOWS\system32\msgp32.exe
O4 - HKLM\..\Run: [d3pn32.exe] C:\WINDOWS\system32\d3pn32.exe
O4 - HKLM\..\Run: [winbe32.exe] C:\WINDOWS\winbe32.exe
O4 - HKLM\..\Run: [mfcug32.exe] C:\WINDOWS\mfcug32.exe
O4 - HKLM\..\Run: [crtg32.exe] C:\WINDOWS\crtg32.exe
O4 - HKLM\..\Run: [atlpk32.exe] C:\WINDOWS\system32\atlpk32.exe
O4 - HKLM\..\Run: [d3fa.exe] C:\WINDOWS\system32\d3fa.exe
O4 - HKLM\..\Run: [javaqb.exe] C:\WINDOWS\javaqb.exe
O4 - HKLM\..\Run: [javabw32.exe] C:\WINDOWS\javabw32.exe
O4 - HKLM\..\Run: [atlgq32.exe] C:\WINDOWS\atlgq32.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\Run: [sysmh32.exe] C:\WINDOWS\system32\sysmh32.exe
O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\ntar32.exe
O4 - HKLM\..\Run: [sysue.exe] C:\WINDOWS\sysue.exe
O4 - HKLM\..\Run: [winuf32.exe] C:\WINDOWS\winuf32.exe
O4 - HKLM\..\Run: [atlkw32.exe] C:\WINDOWS\atlkw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [appmd32.exe] C:\WINDOWS\system32\appmd32.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\Run: [msko32.exe] C:\WINDOWS\msko32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093302662033
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



#2 Rawe


Posted 11 April 2006 - 08:53 AM

Hello and welcome to the site.. :thumbsup:

==

Please print these instructions out, or write them down, as you can't read them during the fix.

Please download AboutBuster.
  • Double-click the AboutBuster folder, then double-click the AboutBuster.exe file inside.
  • Click "Extract all" in the box that pops up, then "Next"
  • Choose the location you would like to install AboutBuster, such as My Documents.
  • Make sure "Show extracted files" is checked, then click "Finish".
  • Reboot into safe mode by continually tapping the F8 key as the computer begins to boot.
  • Launch AboutBuster and click the "Begin Removal" button. It will shut down all Explorer windows (if open) while it works.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into Safe Mode again.
  • Run About:Buster again following the same instructions as above, this time without the restart at the end.
==

Reboot normally and post back with the About:Buster log as well as a fresh HijackThis log. :flowers:
Hi there, stranger!

#3 Ray Lambert


Posted 11 April 2006 - 05:53 PM

Hello Rawe,

I completed the requested tasks of running AboutBuster twice and generating a fresh HJT Log. Results are shown below:

Thanks for your help,
-Ray :thumbsup:

AboutBuster 6.01
Scan started on [4/11/2006] at [5:30:42 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Removed Stream! C:\WINDOWS\stub37.ini:yynvod
Removed Stream! C:\WINDOWS\VBADDIN.INI:ahyqpr
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:epmfrz
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:gmparn
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:kkzjp
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:knywaf
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:ktzfm
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:lgeel
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:mnjjjt
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:mxirx
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:mzcse
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:odkaqw
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:reopl
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:rqmyqv
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:skdng
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:unrvn
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:vsqxij
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:wjoyjr
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:wnnkxf
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:xhnld
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:xlqpv
Removed Stream! C:\WINDOWS\_DEFAULT.PIF:xtbgs
-------------------------------------------------------------
Removed File! : C:\WINDOWS\alvnw.txt
Removed File! : C:\WINDOWS\dhdsl.log
Removed File! : C:\WINDOWS\eyhkg.txt
Removed File! : C:\WINDOWS\hmvzh.txt
Removed File! : C:\WINDOWS\ibuet.dat
Removed File! : C:\WINDOWS\jatvh.log
Removed File! : C:\WINDOWS\jcigo.log
Removed File! : C:\WINDOWS\maukc.log
Removed File! : C:\WINDOWS\mmamp.log
Removed File! : C:\WINDOWS\moqit.dat
Removed File! : C:\WINDOWS\pnvhp.txt
Removed File! : C:\WINDOWS\qealy.log
Removed File! : C:\WINDOWS\qfdui.txt
Removed File! : C:\WINDOWS\qvoct.dat
Removed File! : C:\WINDOWS\rqivy.dat
Removed File! : C:\WINDOWS\sswxj.dat
Removed File! : C:\WINDOWS\ygvog.dat
Removed File! : C:\WINDOWS\zwotq.txt
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:36:39 PM


AboutBuster 6.01
Scan started on [4/11/2006] at [5:42:18 PM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
No Ads Found!
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 5:45:40 PM




Logfile of HijackThis v1.99.1
Scan saved at 6:13:03 PM, on 4/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [apixr32.exe] C:\WINDOWS\apixr32.exe
O4 - HKLM\..\Run: [msgp32.exe] C:\WINDOWS\system32\msgp32.exe
O4 - HKLM\..\Run: [d3pn32.exe] C:\WINDOWS\system32\d3pn32.exe
O4 - HKLM\..\Run: [winbe32.exe] C:\WINDOWS\winbe32.exe
O4 - HKLM\..\Run: [mfcug32.exe] C:\WINDOWS\mfcug32.exe
O4 - HKLM\..\Run: [crtg32.exe] C:\WINDOWS\crtg32.exe
O4 - HKLM\..\Run: [atlpk32.exe] C:\WINDOWS\system32\atlpk32.exe
O4 - HKLM\..\Run: [d3fa.exe] C:\WINDOWS\system32\d3fa.exe
O4 - HKLM\..\Run: [javaqb.exe] C:\WINDOWS\javaqb.exe
O4 - HKLM\..\Run: [javabw32.exe] C:\WINDOWS\javabw32.exe
O4 - HKLM\..\Run: [atlgq32.exe] C:\WINDOWS\atlgq32.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\Run: [sysmh32.exe] C:\WINDOWS\system32\sysmh32.exe
O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\ntar32.exe
O4 - HKLM\..\Run: [sysue.exe] C:\WINDOWS\sysue.exe
O4 - HKLM\..\Run: [winuf32.exe] C:\WINDOWS\winuf32.exe
O4 - HKLM\..\Run: [atlkw32.exe] C:\WINDOWS\atlkw32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [appmd32.exe] C:\WINDOWS\system32\appmd32.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\Run: [msko32.exe] C:\WINDOWS\msko32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093302662033
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
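
An added example, not part of either poster's message and not a BleepingComputer or HijackThis tool: one way to diff two HijackThis logs, such as the ones in posts #1 and #3, to see which Internet Explorer settings a cleanup pass changed and which entries persisted. The function names are assumptions made for this illustration, and the two sample logs are abridged from lines in the logs above.

```python
import re

# A HijackThis entry line is "<code> - <body>", e.g. "O4 - HKLM\..\Run: [x] C:\x.exe".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# R-lines carry "<registry value name> = <data>"; the data may be empty.
VALUE_RE = re.compile(r"^(.*?) =\s*(.*)$")


def parse_log(text):
    """Split a HijackThis log into IE settings (R-lines) and all other entries."""
    settings = {}  # registry value name -> data
    items = []     # remaining entries, verbatim, in log order
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, blank line or a "Running processes" path
        code, body = m.groups()
        v = VALUE_RE.match(body) if code.startswith("R") else None
        if v:
            settings[v.group(1)] = v.group(2)
        else:
            items.append(f"{code} - {body}")
    return settings, items


def compare_logs(before, after):
    """Report what changed between two scans of the same machine."""
    b_set, b_items = parse_log(before)
    a_set, a_items = parse_log(after)
    return {
        # same registry value, different data: (old, new)
        "changed": {k: (b_set[k], a_set[k])
                    for k in a_set if k in b_set and b_set[k] != a_set[k]},
        "added": [k for k in a_set if k not in b_set]
                 + [i for i in a_items if i not in b_items],
        "removed": [k for k in b_set if k not in a_set]
                   + [i for i in b_items if i not in a_items],
        # entries the cleanup pass did not touch
        "persisting": [i for i in a_items if i in b_items],
    }


def orphaned_bhos(items):
    """O2 entries that HijackThis lists with '(no file)' instead of a DLL path."""
    return [i for i in items
            if i.startswith("O2 - BHO:") and i.endswith("(no file)")]


# Sample input, abridged from the log in post #1 (before AboutBuster).
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

# Sample input, abridged from the log in post #3 (after AboutBuster).
# The "p...er" elision in the Start Page URL is how the forum displays it.
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
"""

if __name__ == "__main__":
    report = compare_logs(BEFORE, AFTER)
    for name, (old, new) in report["changed"].items():
        print(f"changed    {name}: {old!r} -> {new!r}")
    for entry in report["added"]:
        print(f"added      {entry}")
    for entry in report["persisting"]:
        print(f"persisting {entry}")
```

On the abridged input the settings show as changed while the O2 and O4 entries show as persisting, which matches the two full logs: the R-lines differ between posts #1 and #3, but the BHO and Run lists are the same.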

#4 Rawe


Posted 12 April 2006 - 06:35 AM

Ok then, let's continue. :thumbsup:

Go ahead and delete About:Buster.

==

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please download the trial version of Ewido Anti-malware here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

==

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.


==

Once in Safe Mode, please run a scan with HijackThis and check the following objects for removal if present:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.microsoft.com/search/search.asp
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://home.microsoft.com/search/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://home.microsoft.com/search/search.asp
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [apixr32.exe] C:\WINDOWS\apixr32.exe
O4 - HKLM\..\Run: [msgp32.exe] C:\WINDOWS\system32\msgp32.exe
O4 - HKLM\..\Run: [d3pn32.exe] C:\WINDOWS\system32\d3pn32.exe
O4 - HKLM\..\Run: [winbe32.exe] C:\WINDOWS\winbe32.exe
O4 - HKLM\..\Run: [mfcug32.exe] C:\WINDOWS\mfcug32.exe
O4 - HKLM\..\Run: [crtg32.exe] C:\WINDOWS\crtg32.exe
O4 - HKLM\..\Run: [atlpk32.exe] C:\WINDOWS\system32\atlpk32.exe
O4 - HKLM\..\Run: [d3fa.exe] C:\WINDOWS\system32\d3fa.exe
O4 - HKLM\..\Run: [javaqb.exe] C:\WINDOWS\javaqb.exe
O4 - HKLM\..\Run: [javabw32.exe] C:\WINDOWS\javabw32.exe
O4 - HKLM\..\Run: [atlgq32.exe] C:\WINDOWS\atlgq32.exe
O4 - HKLM\..\Run: [addku.exe] C:\WINDOWS\system32\addku.exe
O4 - HKLM\..\Run: [sysmh32.exe] C:\WINDOWS\system32\sysmh32.exe
O4 - HKLM\..\Run: [ntar32.exe] C:\WINDOWS\ntar32.exe
O4 - HKLM\..\Run: [sysue.exe] C:\WINDOWS\sysue.exe
O4 - HKLM\..\Run: [winuf32.exe] C:\WINDOWS\winuf32.exe
O4 - HKLM\..\Run: [atlkw32.exe] C:\WINDOWS\atlkw32.exe
O4 - HKLM\..\Run: [appmd32.exe] C:\WINDOWS\system32\appmd32.exe
O4 - HKLM\..\Run: [atlux.exe] C:\WINDOWS\system32\atlux.exe
O4 - HKLM\..\Run: [msko32.exe] C:\WINDOWS\msko32.exe


Now close ALL other open windows except for HijackThis and hit FIX CHECKED.

==

Next, please run a scan with Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily. (Maybe Desktop)
  • Close Ewido Anti-Malware.
==

Now, reboot back into Normal mode, open the Report.txt file and copy & paste its content to this thread along with a fresh HijackThis log. :flowers:
Hi there, stranger!
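
Three patterns are visible in the entries selected for removal in the post above: BHO registrations whose file is missing, a Run entry launching from Temporary Internet Files, and Run entries whose value name is simply the file name of an executable sitting directly in the Windows directory. The sketch below is an added example, not part of the original posts and not a HijackThis feature; the rule names, the `triage` function, the allowlist and the assumption that Windows lives in `C:\WINDOWS` are illustrative, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [netzq.exe] C:\WINDOWS\system32\netzq.exe
O4 - HKLM\..\Run: [apixr32.exe] C:\WINDOWS\apixr32.exe
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
"""

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)

# Assumption: Windows directory as it appears in this thread's logs.
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system32"}

# Assumption: names a reviewer has already confirmed as legitimate.
# ctfmon.exe matches the self-named pattern but is still present in the
# post-fix log in this thread, so it is allowlisted here.
KNOWN_GOOD = {"ctfmon.exe"}


def executable_of(cmd):
    """Return the program path from a Run value, without its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted paths may contain spaces, so cut at the first executable
    # extension that is followed by whitespace or end of string.
    m = re.match(r"(.+?\.(?:exe|com|bat|cmd|scr))(?=\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split()[0]


def triage(log_text):
    """Return (rule, line) pairs for entries that deserve manual review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue
        code, body = entry.group("code"), entry.group("body")

        if code == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("target") == "(no file)":
                findings.append(("orphaned-bho", line))
            continue

        if code != "O4":
            continue
        run = RUN_RE.match(body)
        if not run:
            continue

        exe = executable_of(run.group("cmd"))
        base = ntpath.basename(exe).lower()
        folder = ntpath.normpath(ntpath.dirname(exe)).lower()

        if "temporary internet files" in exe.lower():
            findings.append(("autorun-from-browser-cache", line))
        elif (
            run.group("name").lower() == base
            and folder in WINDOWS_DIRS
            and base not in KNOWN_GOOD
        ):
            findings.append(("self-named-autorun", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_LOG):
        print(f"{rule:28} {line}")
```

The output is a list of candidates for a human to review, not a verdict: without the allowlist the legitimate `ctfmon.exe` entry would be reported by the same rule that catches `netzq.exe`.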

#5 Ray Lambert

  • Topic Starter

Posted 12 April 2006 - 06:12 PM

Hello again,
I was surprised to find that I had all but one of the registry entries that you had me "Fix" (delete). Also that Ewido found an additional 544 items!

New scan results follow:

Logfile of HijackThis v1.99.1
Scan saved at 6:59:15 PM, on 4/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=03253
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093302662033
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:39:57 PM, 4/12/2006
+ Report-Checksum: 73D17E18

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{D2481899-BB11-955E-88C7-DE147868F4CD} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6D63F1C-7959-7880-89DD-1710A5C146F6} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6F96C8F-4512-A517-5DA8-FB1C35C3D1C0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D7AEEC4F-EF23-DBBF-0F03-E70594344763} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D81B9CDB-3C8B-D232-7C45-5147C3E9EE5C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D89FEB47-489B-5DB5-8F56-21233C5B92D4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D9529B1E-58BD-C16B-D9B2-14013AC2FD84} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D992E5CD-B70B-B18D-B624-19D9C13AED04} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD4B1E58-8316-27DC-4B57-7B256202DDAD} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD5A16A2-EE5C-F44A-5937-DD9E206DF734} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE2E18F3-E44D-115C-6A8C-1AE89883EC75} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7AB9ED-CC80-B559-EE40-8DBD50AF24FA} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DFCBB536-180F-FD1F-9ABF-369D9DE5D726} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E0626C67-424F-B7C7-BCE9-D6A46FA757C0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E0AEB7AC-A620-791D-2529-5ADF8D029A5E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E14627D5-3B9E-EE70-3BA6-C7654480CDD3} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E2FA5ADF-2EE4-349E-8197-095C5E7C1822} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E2FD0FD6-AD1B-0E95-AC33-F5515B5A3EC5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E3708A67-0AF9-BAD5-D11A-A1478BEC083E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5DA52CD-7934-85DB-C826-C69901B51085} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E7E1386A-12D3-8E93-955B-0A8C7D74C8E0} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E962AC74-29D8-A4A9-1DBF-38F236D56CF5} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAAF0E43-9935-74EF-010B-EDD5BE690BB4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAB86C94-75BA-4E15-5B61-F49CC5FF8606} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EB831990-F50B-96D1-3A6D-EDA7622633CF} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDD0FA6A-D598-B563-ABA9-261EAEB33DE2} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF566E13-6825-500A-957F-C72AD1DF5E45} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F042AD18-E71C-6ECD-7132-91145956736C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F0433EDA-457B-BCD1-E20A-BAA824CBC00A} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F491206F-874D-A508-8965-52DD77E58735} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F74BE206-1DFE-36CA-AD40-4E17A18DEFF4} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7ABA7E2-3EE8-6A74-1A15-9D6E47A99372} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7AC6D6E-CC2C-9312-B04A-BE6B29FCC68C} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F94A7365-02EF-86A8-A674-9941E8B9CFED} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA1487A3-BE0B-8C8F-EE8B-A7306DC4EB4E} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB125D13-8C67-EBA5-E5DE-94B08B341C38} -> Adware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FF52FC75-302C-5DED-C090-F77905337D75} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02B346C4-C2D8-E7EA-C145-EF1A22D8F514} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{07DA44E0-3BFC-A455-CD97-F7B7B8790347} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0DD6BB03-8289-D618-06F8-B2AA52FEFF61} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{13B86F72-7AF8-F8F0-286D-B850DB32EB1A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{19DD772F-69FF-2A03-C656-A77D74F05C8C} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C5B795D-B77D-F4CA-D6EC-0CF1958D26BB} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2299D671-FC69-27B9-F4B4-AC5172A9786E} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{282032FC-C6CA-9E36-F009-345A15203683} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2B33EA89-1D32-F522-553E-7D97ADB095BC} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{402D9D8E-512D-DD3D-E121-9FD3F6D6F3C7} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4883C148-5DF5-F52E-033E-3A175DFD6596} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49D9C3D0-94CC-611C-83AF-233BCD1C07C4} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{544AA546-ADBE-242A-7601-DD9E43DBD201} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57D9E3A0-D008-4547-082E-6D844E2D6A18} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66D624CA-2D87-3229-33B9-8750E66D4ABB} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{67852D6B-C5A1-E2D1-3727-9D903FF50A97} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A3BB01D-5411-3AF3-1EF2-EC21C6B41EAD} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7090347C-8C6B-D01E-EF10-8D29EF9542AA} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{78B32CF3-F754-DD88-1C38-3DEE75CE2B25} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8270D71D-E710-2031-C7F9-DA6ACBC95DC6} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{830AA2F8-C8EB-24B1-C5F4-64095BDA680E} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85CC1685-0441-3212-9DC9-3C658F9C15E6} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{927AE5BC-41C7-D01F-8143-D23525B82F67} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ABD55B8-A2CA-BE23-F848-21D286EF33B7} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A16A74CA-2FA4-7746-A5FB-F309CC45452C} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A5C47A88-CB23-F3BA-C177-9E0B32E3BD3D} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A83F2621-E630-7943-FD17-24FC9321228A} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AAEAF0EF-4CCD-6801-830D-30AC3AB7C39B} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B912E0DE-C5DE-D46B-A8B0-802D6CB6F68C} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BBF5E38D-037F-77FE-1BD4-D0175630EF03} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCD9AA53-E6B2-A242-54F5-E2D81A3E8757} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CAF6E144-63FF-5169-432A-A4605DE3B9A4} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBAA4450-710E-86CC-89DB-00D04CC21EAE} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFCBB536-180F-FD1F-9ABF-369D9DE5D726} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0103CD4-D1CE-411A-B75B-4FEC072867F4} -> Trojan.Puper.ac : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EAF521EB-5513-475B-B2B3-4D4B1195A1B0} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F6EE41BB-A0CE-5AA0-EF05-7C37EE2DA96F} -> Adware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1710738407-1749521121-372829268-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF52FC75-302C-5DED-C090-F77905337D75} -> Adware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\alambert\Cookies\alambert@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.24:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.29:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.32:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.33:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
:mozilla.36:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.61:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned with backup
:mozilla.65:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Revenue : Cleaned with backup
:mozilla.74:C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKCURun -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnce -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKCURun\RunOnceEx -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKLMRun -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnce -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\HKLMRun\RunOnceEx -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\StartMenuAllUsers -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\Autorun\StartMenuCurrentUser -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Application Data\WinHound.com\WinHound\BrowserObjects -> Adware.WinHound : Cleaned with backup
C:\Documents and Settings\rlambert\Cookies\rlambert@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\rlambert\Cookies\rlambert@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\rlambert\Cookies\rlambert@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\rlambert\Cookies\rlambert@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\rlambert\Cookies\rlambert@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:inash -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:irxlo -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:lrtag -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:qxxki -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:raqgs -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:xlqpv -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:xpuss -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:xtbgs -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:yutqb -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:zcwzh -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008010.PIF:zvpgg -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:inash -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:irxlo -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:lrtag -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:qxxki -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:raqgs -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:xlqpv -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:xpuss -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:xtbgs -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:yutqb -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:zcwzh -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP19\A0008017.PIF:zvpgg -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:inash -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:irxlo -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:lrtag -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:qxxki -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:raqgs -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:xlqpv -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:xpuss -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:yutqb -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:zcwzh -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008047.PIF:zvpgg -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:inash -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:irxlo -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:lrtag -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:qxxki -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:raqgs -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:xlqpv -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:xpuss -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:xtbgs -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:yutqb -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:zcwzh -> Downloader.Agent.bc : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP20\A0008061.PIF:zvpgg -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP21\A0008064.PIF:inash -> Downloader.Agent.td : Cleaned with backup
C:\System Volume Information\_restore{11B4CBB0-31B0-483C-A4FE-D6E9E8C1A928}\RP21\A0008064.PIF:irxlo -> Downloader.Agent.td : Cleaned with backup

#6 Rawe

Posted 13 April 2006 - 08:12 AM

Hi again, that's starting to look a LOT better now.

Go ahead and uninstall Ewido.

==

Please run a scan with HijackThis and check the following objects for removal:

O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Please reboot.

==

After reboot:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.

For Technical Support, double-click the e-mail address located at the bottom of each menu.

==

Post back with a fresh log and let me know how's the system running now. :thumbsup:
Hi there, stranger!
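
The two kinds of entries selected for removal in the post above (O2 browser helper objects whose file is listed as "(no file)", and an O4 Run value that launches from Temporary Internet Files) can be picked out of a HijackThis log mechanically, and the next log can be checked to confirm they are gone. This is an added example, not part of the original post or of HijackThis itself; the names `triage`, `surviving` and `VOLATILE_DIRS` and the flagging rules are assumptions made for illustration, and the sample lines are copied from the logs in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption: cache/temp directories an autostart program should not run from.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\")

# "O2 - ..." style prefix: one letter, one or two digits, then " - ".
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2 body: "BHO: <name> - {CLSID} - <file or (no file)>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$")
# O4 registry body: "HKLM\..\Run: [value name] command line"
RUN_RE = re.compile(
    r"^(?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>Run\w*): "
    r"\[(?P<name>[^\]]*)\] (?P<command>.+)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O2"
    ident: str     # CLSID for a BHO, value name for a Run entry
    reason: str
    line: str      # the original log line, for the fix list


def triage(log_text):
    """Return findings for orphaned BHOs and Run entries in volatile dirs."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        if section == "O2":
            bho = BHO_RE.match(body)
            if bho and bho.group("target") == "(no file)":
                findings.append(Finding(
                    "O2", bho.group("clsid"),
                    "BHO still registered but its file is gone", line))
        elif section == "O4":
            run = RUN_RE.match(body)
            if run and any(d in run.group("command").lower()
                           for d in VOLATILE_DIRS):
                findings.append(Finding(
                    "O4", run.group("name"),
                    "autostart launches from a cache/temp directory", line))
    return findings


def _norm(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).lower()


def surviving(fix_lines, later_log):
    """Return the fix-list lines that still appear in a later log."""
    later = {_norm(l) for l in later_log.splitlines() if l.strip()}
    return [l for l in fix_lines if _norm(l) in later]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.ident}: {f.reason}")
```

Passing the flagged lines and the log taken after the reboot to `surviving` returns any entries that the fix did not remove.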

#7 Ray Lambert

Posted 13 April 2006 - 12:11 PM

Hello Rawe,

Three observations:

1. The ATF Cleaner seemed to remove a very large number of bytes
2. CWS seems to be gone :thumbsup:
3. The computer speed seems to be greatly improved although I think it should be faster.

I can't thank you enough!

Fresh log follows.

-Ray

Logfile of HijackThis v1.99.1
Scan saved at 12:52:06 PM, on 4/13/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\Norton AntiVirus\OPScan.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=03253
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093302662033
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#8 Rawe

Posted 13 April 2006 - 02:25 PM

Ok.. Few more things to handle. :thumbsup:

Go ahead and delete ATF-Cleaner.

==

Download and install Registrar Lite version 2.00
  • Double click the purple Registrar Lite icon on your desktop.
  • Copy the line below and paste it into the "Address" field (located at the top) of the program:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects

  • Click the "Go" button.
  • On the right-hand side it will load all of your BHOs (you'll just see a bunch of numbers)
  • Locate the following entries:
    • {02B346C4-C2D8-E7EA-C145-EF1A22D8F514}
      {2B33EA89-1D32-F522-553E-7D97ADB095BC}
      {4883C148-5DF5-F52E-033E-3A175DFD6596}
      {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C}
      {544AA546-ADBE-242A-7601-DD9E43DBD201}
      {A16A74CA-2FA4-7746-A5FB-F309CC45452C}
      {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A}
      {A83F2621-E630-7943-FD17-24FC9321228A}
      {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C}
  • Right-click on each one and select Properties
  • Click the Permissions Button and a new window will open.
  • Click the Advanced button
  • Place a checkmark next to the following:
    'Inherit from parent the permission entries that apply to child objects...'
  • Click OK, OK again and right-click on each of the following:
    {02B346C4-C2D8-E7EA-C145-EF1A22D8F514}
    {2B33EA89-1D32-F522-553E-7D97ADB095BC}
    {4883C148-5DF5-F52E-033E-3A175DFD6596}
    {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C}
    {544AA546-ADBE-242A-7601-DD9E43DBD201}
    {A16A74CA-2FA4-7746-A5FB-F309CC45452C}
    {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A}
    {A83F2621-E630-7943-FD17-24FC9321228A}
    {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C}
  • Choose delete.
  • Exit Registrar Lite.
Please reboot.

==

Run a scan with HijackThis and check the following objects for removal:

O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)


Now close ALL other open windows except for HijackThis and hit FIX CHECKED. Close HijackThis.

==

Finally:

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a fresh HijackThis log. :flowers:

Hi there, stranger!

#9 Ray Lambert

Posted 13 April 2006 - 06:07 PM

Rawe,
I downloaded "reglit" using the link you provided. When I ran the install, I noted that it was version 4.04 with a green icon. Do I care? Is this just a newer version? Should I proceed per the instructions you provided?
-Ray

#10 Rawe

Posted 14 April 2006 - 04:15 AM

Yes.. Please continue with the instructions.
Hi there, stranger!

#11 Ray Lambert

Posted 14 April 2006 - 08:33 AM

Hello Rawe,
In Registrar Lite 4.04, "properties" is grayed out and does not respond. Under the "security" tab there is a choice of "Edit permissions". When selected, a note appears stating that this function is only available in the Registrar Pro version which can be purchased on line for 44.95 euros.

Is there another way to accomplish what we are trying to do?

Regards,
Ray

#12 Rawe

Posted 14 April 2006 - 08:46 AM

Yes.. try this.

Right-click each of the CLSIDs listed and hit straight to Delete. We'll see if that works out. Then continue with the rest :thumbsup:
Hi there, stranger!

#13 Ray Lambert

Posted 14 April 2006 - 09:36 AM

Rawe,

No result! Cut, Copy, Paste, New Key, New Value, Delete, Rename, Export and Properties are all "grayed out".

The delete key on my Keyboard did nothing.

With no result I stopped and am awaiting further instructions.

Ray

#14 Rawe

Posted 14 April 2006 - 09:41 AM

Well THAT is interesting.

Ok, continue with the rest and we'll see what's left after that..
Hi there, stranger!

#15 Ray Lambert

Posted 14 April 2006 - 02:05 PM

Hello again,

Located the three O4's but neither of the O9's in the HJT scan. "Fixed the HKLM\........."-nag" entry but the Startup: and Global Startup: refused to be fixed. A message appeared to use Task Manager to effect a fix.

Panda Active and HJT scans shown below:

Thank You,
Ray Lambert

Incident Status Location

Adware:adware/searchaid Not disinfected C:\WINDOWS\SYSTEM32\apiyr.exe
Adware:adware program Not disinfected C:\WINDOWS\SYSTEM32\logs1.ini
Dialer:dialer.b Not disinfected C:\WINDOWS\SYSTEM32\nethv32.dll
Adware:adware/winad Not disinfected C:\WINDOWS\SYSTEM32\winad.dll
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\alambert\Cookies\alambert@atwola[1].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\rlambert\Application Data\Mozilla\Firefox\Profiles\ilhvt5c6.default\cookies.txt[]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\rlambert\Desktop\smitRem\Process.exe



Logfile of HijackThis v1.99.1
Scan saved at 2:32:33 PM, on 4/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SYSTEM32\Drivers\DadTray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe
C:\Program Files\Lexmark X6100 Series\lxbfbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
C:\Program Files\NETGEAR\WG511v2\wlancfg5.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\AUpdate.exe
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wunderground.com/cgi-bin/findwe...ast?query=03253
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O2 - BHO: (no name) - {2B33EA89-1D32-F522-553E-7D97ADB095BC} - (no file)
O2 - BHO: (no name) - {4883C148-5DF5-F52E-033E-3A175DFD6596} - (no file)
O2 - BHO: (no name) - {4A5B3E71-F19A-1D5B-B786-EF21EDBFE12C} - (no file)
O2 - BHO: (no name) - {544AA546-ADBE-242A-7601-DD9E43DBD201} - (no file)
O2 - BHO: (no name) - {A16A74CA-2FA4-7746-A5FB-F309CC45452C} - (no file)
O2 - BHO: (no name) - {A24F8C37-F76E-3BD7-BF8C-6F5B1A2F825A} - (no file)
O2 - BHO: (no name) - {A83F2621-E630-7943-FD17-24FC9321228A} - (no file)
O2 - BHO: (no name) - {F197B1B9-0AAF-D47B-4EDC-FF4944D4BD3C} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [DadApp] C:\WINDOWS\SYSTEM32\Drivers\dadapp.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\OLYMPUS\OLYMPUS Master\Monitor.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NETGEAR WG511v2 Wireless Assistant.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1093302662033
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37670.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C606BA60-AB76-48B6-96A7-2C4D5C386F70} (PreQualifier Class) - http://www.verizon.net/checkmypc/includes/MotivePreQual.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/as...rl/SymAData.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
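
Added example (not part of the original thread, and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that flags the traits shared by the entries singled out for removal in this thread, namely a BHO registered with no file, an autostart launched from Temporary Internet Files, a startup-folder item with no shortcut target, and entries marked as file missing. The rule set and the function names are assumptions made for illustration; the sample lines are copied from the logs posted above.

```python
import re
from typing import List, NamedTuple, Optional

# Registry location of IE Browser Helper Objects, as quoted in the thread.
BHO_ROOT = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
            r"\CurrentVersion\Explorer\Browser Helper Objects")

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - <body>"
CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")

# Sample input: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02B346C4-C2D8-E7EA-C145-EF1A22D8F514} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [NI.UWAS5_0001_N57M0812] "C:\Documents and Settings\rlambert\Local Settings\Temporary Internet Files\Content.IE5\OBJREKDD\WinAntiSpywareScannerInstall[1].exe" -nag
O4 - Startup: .protected
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""


class Finding(NamedTuple):
    section: str           # HijackThis section code, e.g. "O2"
    reason: str            # which heuristic matched
    clsid: Optional[str]   # CLSID found in the entry, if any
    line: str              # the original log line


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding if the log line matches one of the heuristics."""
    line = line.strip()
    m = ENTRY.match(line)
    if not m:
        return None        # header, process list or blank line
    section, body = m.groups()
    low = body.lower()
    if section == "O2" and low.endswith("(no file)"):
        reason = "BHO registered, but the file it names is absent"
    elif section == "O4" and "temporary internet files" in low:
        reason = "autostart entry launches from the browser cache"
    elif (section == "O4" and body.startswith(("Startup:", "Global Startup:"))
          and " = " not in body):
        reason = "startup-folder item that is not a shortcut to a target"
    elif low.endswith("(file missing)"):
        reason = "entry refers to a file that no longer exists"
    else:
        return None
    hit = CLSID.search(body)
    return Finding(section, reason, hit.group(0) if hit else None, line)


def triage(log_text: str) -> List[Finding]:
    """Run every line of a pasted log through triage_line."""
    return [f for f in map(triage_line, log_text.splitlines()) if f]


def orphaned_bho_keys(findings: List[Finding]) -> List[str]:
    """Full registry key paths to inspect for the flagged O2 entries."""
    return [BHO_ROOT + "\\" + f.clsid for f in findings
            if f.section == "O2" and f.clsid]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:>3}  {f.reason}\n     {f.line}")
```

The heuristics only rank lines for a human to review; an entry such as `(file missing)` can also be a harmless leftover of an uninstalled program.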



