CoolWebSearch :(


  • This topic is locked
4 replies to this topic

#1 ogre

ogre

  • Members
  • 4 posts

Posted 15 June 2004 - 12:27 AM

Hello guys, I've been having this major problem with this "CoolWebSearch". It disallows me to view my webpages, slows down internet and always sets a homepage for me. I don't have a clue how to get rid of it (res://mshp.dll/index.html#37049). I've used Spybot and Ad-aware; it's still there. I've seen the same problem in a recent topic to do with Tony, but he was using WindowsNT and I'm using WindowsXP. I'd much appreciate it if you fellas help, and if Grinler can help out, please!!


#2 ogre

ogre
  • Topic Starter

  • Members
  • 4 posts

Posted 15 June 2004 - 12:48 AM

I'm using DLLFix to make logs of this; here is my log. I'm also going to start using HijackTHIS.

========================
DLL FIX LOG
========================

--==***@@@ FIND-ALL' VERSION MODIFIED -6/05 @@@***==--
--==***@@@ ORIGINAL BY FREEATLAST @@@***==--

Tue 15/06/2004
03:48 PM

System Info:

Microsoft Windows XP [Version 5.1.2600]
C: "" (88B5:12CB) - FS:NTFS clusters:4k
Total: 10 487 197 696 [10G] - Free: 7 709 827 072 [7.2G]


*IE version and Service packs:
6.0.2800.1106 C:\Program Files\Internet Explorer\Iexplore.exe
*Notepad version :
5.1.2600.0 C:\WINDOWS\system32\notepad.exe
5.1.2600.0 C:\WINDOWS\notepad.exe
*Media Player version :
8.0.0.4487 C:\Program Files\Windows Media Player\wmplayer.exe

! REG.EXE VERSION 2.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Internet Settings
MinorVersion REG_SZ ;SP1;Q837009;Q832894;Q831167;



Locked or 'Suspect' file(s) found...
These may be other files that Dllfix doesnt target.


Scanning for main Hijacker:


REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects]
@=""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BDF3E430-B101-42AD-A544-FADC6B084872}]
@="NAV Helper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D34F08C5-4F18-477c-86CB-1A9BEECFE37B}]
@="."

REGEDIT4

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter]

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/octet-stream]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-complus]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\application/x-msdownload]
"CLSID"="{1E66F26B-79EE-11D2-8710-00C04F79ED0D}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\Class Install Handler]
@="AP Class Install Handler filter"
"CLSID"="{32B533BB-EDAE-11d0-BD5A-00AA00B92AF1}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\deflate]
@="AP Deflate Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\gzip]
@="AP GZIP Encoding/Decoding Filter "
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\lzdhtml]
@="AP lzdhtml encoding/decoding Filter"
"CLSID"="{8f6b0360-b80d-11d0-a9b3-006097942311}"

[HKEY_CLASSES_ROOT\PROTOCOLS\Filter\text/webviewhtml]
@="WebView MIME Filter"
"CLSID"="{733AC4CB-F1A4-11d0-B951-00A0C90312E1}"

*Security settings for 'Windows' key:


RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright © 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!


Can't open Registry key hklm\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows:

2 - The system cannot find the file specified.

#3 ogre

ogre
  • Topic Starter

  • Members
  • 4 posts

Posted 15 June 2004 - 01:14 AM

====================
HiJackTHIS Log
====================

Logfile of HijackThis v1.97.7
Scan saved at 4:13:38 PM, on 15/06/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
F:\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
F:\NORTON~1\navapw32.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Computer User\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cable.optusnet.com.au/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = http://localhost
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - F:\Norton AntiVirus\NavShExt.dll
O2 - BHO: . - {D34F08C5-4F18-477c-86CB-1A9BEECFE37B} - C:\Documents and Settings\Computer User\Application Data\winpo\winpo32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - F:\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [AudioHQU] C:\Program Files\Creative\SBLive\AudioHQ\AHQTBU.EXE
O4 - HKLM\..\Run: [NAV Agent] F:\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\Symantec\LIVEUP~1\SNDMon.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: ICQ Pro (HKLM)
O9 - Extra 'Tools' menuitem: ICQ (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)

#4 ogre

ogre
  • Topic Starter

  • Members
  • 4 posts

Posted 15 June 2004 - 01:16 AM

================
Ad-Aware Log
================


Lavasoft Ad-aware Personal Build 6.181
Logfile created on :Tuesday, 15 June 2004 3:29:37 PM
Created with Ad-aware Personal, free for private use.
Using reference-file :01R298 20.04.2004
______________________________________________________

Ad-aware Settings
=========================
Set : Activate in-depth scan (Recommended)
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep scan registry


15-06-2004 3:29:37 PM - Scan started. (Smart mode)

Listing running processes
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ThreadCreationTime : 15-06-2004 5:13:28 AM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ThreadCreationTime : 15-06-2004 5:13:32 AM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-06-2004 5:13:32 AM
BasePriority : Normal
FileSize : 99 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
OriginalFilename : services.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00 PM
Last accessed : 15/06/2004 5:13:24 AM
Last modified : 23/08/2001 12:00:00 PM

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-06-2004 5:13:32 AM
BasePriority : Normal
FileSize : 11 KB
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
OriginalFilename : lsass.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00 PM
Last accessed : 15/06/2004 5:20:48 AM
Last modified : 28/08/2002 5:41:26 PM

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-06-2004 5:13:32 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00 PM
Last accessed : 15/06/2004 4:39:11 AM
Last modified : 23/08/2001 12:00:00 PM

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-06-2004 5:13:32 AM
BasePriority : Normal
FileSize : 12 KB
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
OriginalFilename : svchost.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00 PM
Last accessed : 15/06/2004 4:39:11 AM
Last modified : 23/08/2001 12:00:00 PM

#:7 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ThreadCreationTime : 15-06-2004 5:13:37 AM
BasePriority : Normal
FileSize : 50 KB
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
OriginalFilename : spoolsv.exe
ProductName : Microsoft
Created on : 23/08/2001 12:00:00 PM
Last accessed : 15/06/2004 5:13:24 AM
Last modified : 23/08/2001 12:00:00 PM

#:8 [navapsvc.exe]
FilePath : F:\Norton AntiVirus\
ThreadCreationTime : 15-06-2004 5:13:38 AM
BasePriority : Normal
FileSize : 113 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
OriginalFilename : NAVAPSVC.EXE
ProductName : Norton AntiVirus
Created on : 1/05/2004 12:44:51 PM
Last accessed : 15/06/2004 5:12:42 AM
Last modified : 27/02/2002 1:29:26 AM

#:9 [nvsvc32.exe]
FilePath : C:\WINDOWS\System32\
ThreadCreationTime : 15-06-2004 5:13:39 AM
BasePriority : Normal
FileSize : 108 KB
FileVersion : 6.14.10.5672
ProductVersion : 6.14.10.5672
Copyright : © NVIDIA Corporation. All rights reserved.
CompanyName : NVIDIA Corporation
FileDescription : NVIDIA Driver Helper Service, Version 56.72
InternalName : NVSVC
OriginalFilename : nvsvc32.exe
ProductName : NVIDIA Driver Helper Service, Version 56.72
Created on : 24/03/2004 12:04:00 AM
Last accessed : 15/06/2004 5:13:24 AM
Last modified : 24/03/2004 12:04:00 AM

#:10 [ahqtbu.exe]
FilePath : C:\Program Files\Creative\SBLive\AudioHQ\
ThreadCreationTime : 15-06-2004 5:13:39 AM
BasePriority : Normal
FileSize : 172 KB
FileVersion : 1.13.0
ProductVersion : 1.13.0
Copyright : Copyright © Creative Technology Ltd. 2001
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
OriginalFilename : AHQTbU.exe
ProductName : AudioHQ
Created on : 1/05/2004 6:05:41 AM
Last accessed : 15/06/2004 5:13:39 AM
Last modified : 17/01/2002 3:13:00 PM

#:11 [navapw32.exe]
FilePath : F:\NORTON~1\
ThreadCreationTime : 15-06-2004 5:13:39 AM
BasePriority : Normal
FileSize : 73 KB
FileVersion : 8.07.17
ProductVersion : 8.07.17
Copyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Agent
InternalName : NAVAPW32
OriginalFilename : NAVAPW32.EXE
ProductName : Norton AntiVirus
Created on : 1/05/2004 12:44:51 PM
Last accessed : 15/06/2004 5:13:40 AM
Last modified : 27/02/2002 1:27:58 AM

#:12 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ThreadCreationTime : 15-06-2004 5:13:40 AM
BasePriority : Normal
FileSize : 4572 KB
FileVersion : 6.1.0211
ProductVersion : Version 6.1
Copyright : Copyright © Microsoft Corporation 1997-2003
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr
OriginalFilename : msnmsgr.exe
ProductName : Messenger
Created on : 4/03/2004 5:01:00 AM
Last accessed : 15/06/2004 5:13:24 AM
Last modified : 4/03/2004 5:01:00 AM

#:13 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ThreadCreationTime : 15-06-2004 5:18:35 AM
BasePriority : Normal
FileSize : 89 KB
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
OriginalFilename : IEXPLORE.EXE
ProductName : Microsoft
Created on : 1/05/2004 5:56:41 AM
Last accessed : 15/06/2004 5:18:35 AM
Last modified : 28/08/2002 5:41:26 PM

#:14 [explorer.exe]
FilePath : C:\WINDOWS\
ThreadCreationTime : 15-06-2004 5:21:35 AM
BasePriority : Normal
FileSize : 973 KB
FileVersion : 6.00.2800.1221 (xpsp2.030511-1403)
ProductVersion : 6.00.2800.1221
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
OriginalFilename : EXPLORER.EXE
ProductName : Microsoft
Created on : 11/05/2003 11:12:10 AM
Last accessed : 15/06/2004 5:21:35 AM
Last modified : 11/05/2003 11:12:10 AM

#:15 [ad-aware.exe]
FilePath : F:\Lavasoft\Ad-aware 6\
ThreadCreationTime : 15-06-2004 5:29:24 AM
BasePriority : Normal
FileSize : 668 KB
FileVersion : 6.0.1.181
ProductVersion : 6.0.0.0
Copyright : Copyright
CompanyName : Lavasoft Sweden
FileDescription : Ad-aware 6 core application
InternalName : Ad-aware.exe
OriginalFilename : Ad-aware.exe
ProductName : Lavasoft Ad-aware Plus
Created on : 14/06/2004 11:01:54 AM
Last accessed : 15/06/2004 5:29:24 AM
Last modified : 12/07/2003 11:00:20 AM

Memory scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 0
Objects found so far: 0


Started registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ae23.ae23obj


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ae23.ae23obj.1


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{0B40A54D-BEC3-4077-9A33-701BD6ACDEB2}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{2e9caff6-30c7-4208-8807-e79d4ec6f806}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : CLSID\{fd9bc004-8331-4457-b830-4759ff704c22}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhook.searchhookobject


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : searchhook.searchhookobject.1


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchHook


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShowSearch


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : TYPELIB\{ed7a0b22-11d9-4f74-8c1d-0936efa66b3d}


Registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 13
Objects found so far: 13


Started deep registry scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagemshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "res://mshp.dll/sp.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagemshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainSearch Pagemshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Search Page
Data : "res://mshp.dll/sp.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainStart Pagemshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Start Page
Data : "res://mshp.dll/index.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Search_URLmshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/sp.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Search_URL
Data : "res://mshp.dll/sp.html#37049"

Possible browser hijack attempt : Software\Microsoft\Internet Explorer\MainDefault_Page_URLmshp.dll

Possible Browser Hijack attempt Object recognized!
Type : RegData
Data : "res://mshp.dll/index.html#37049"
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Internet Explorer\Main
Value : Default_Page_URL
Data : "res://mshp.dll/index.html#37049"


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E2DDF680-9905-4dee-8C64-0A5DE7FE133C}


Deep registry scan result :
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 7
Objects found so far: 20


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

Tracking Cookie Object recognized!
Type : File
Data : computer user@as-us.falkag[2].txt
Object : C:\Documents and Settings\Computer User\Cookies\

Created on : 14/06/2004 11:52:43 AM
Last accessed : 15/06/2004 5:32:03 AM
Last modified : 14/06/2004 11:52:43 AM



Tracking Cookie Object recognized!
Type : File
Data : computer user@qksrv[1].txt
Object : C:\Documents and Settings\Computer User\Cookies\

Created on : 14/06/2004 11:51:52 AM
Last accessed : 15/06/2004 5:32:03 AM
Last modified : 14/06/2004 11:51:52 AM



Tracking Cookie Object recognized!
Type : File
Data : computer user@tribalfusion[1].txt
Object : C:\Documents and Settings\Computer User\Cookies\

Created on : 14/06/2004 11:52:45 AM
Last accessed : 15/06/2004 5:32:03 AM
Last modified : 14/06/2004 11:52:45 AM



Tracking Cookie Object recognized!
Type : File
Data : computer user@z1.adserver[1].txt
Object : C:\Documents and Settings\Computer User\Cookies\

Created on : 14/06/2004 11:52:46 AM
Last accessed : 15/06/2004 5:32:03 AM
Last modified : 14/06/2004 11:54:18 AM


¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Deep scanning and examining files (C:)
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯


Performing conditional scans..
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Image.Image


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : Image.Image.1


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ShowSearch.ViewSource


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CLASSES_ROOT
Object : ShowSearch.ViewSource.1


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\d78ffc13


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E9CAFF6-30C7-4208-8807-E79D4EC6F806}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}


CoolWebSearch Object recognized!
Type : RegKey
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Submit URL


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run
Value : Image


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_LOCAL_MACHINE
Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value : Image


CoolWebSearch Object recognized!
Type : RegValue
Data :
Rootkey : HKEY_CURRENT_USER
Object : Software\Microsoft\Windows\CurrentVersion\RunServices
Value : Image


CoolWebSearch Object recognized!
Type : Folder
Object : c:\program files\Submit


CoolWebSearch Object recognized!
Type : File
Data : submithook.dll
Object : c:\program files\submit\
FileSize : 136 KB
FileVersion : 1, 6, 0, 0
ProductVersion : 1, 6, 0, 1
Copyright : Copyright 2002
FileDescription : Free Community Toolbar
InternalName : Free Community
OriginalFilename : LizardBar.dll
ProductName : Free Community Toolbar
Created on : 22/12/2003 4:40:54 PM
Last accessed : 15/06/2004 5:09:03 AM
Last modified : 22/12/2003 4:40:54 PM



CoolWebSearch Object recognized!
Type : File
Data : uninstall.exe
Object : c:\program files\submit\
FileSize : 20 KB
Created on : 22/12/2003 4:41:46 PM
Last accessed : 15/06/2004 5:33:03 AM
Last modified : 22/12/2003 4:41:46 PM



CoolWebSearch Object recognized!
Type : File
Data : uninstall.ini
Object : c:\program files\submit\
FileSize : 1 KB
Created on : 14/06/2004 11:06:31 AM
Last accessed : 15/06/2004 5:33:03 AM
Last modified : 14/06/2004 11:06:31 AM



CoolWebSearch Object recognized!
Type : File
Data : mshp.dll
Object : c:\windows\
FileSize : 70 KB
Created on : 14/06/2004 11:09:15 AM
Last accessed : 15/06/2004 5:33:03 AM
Last modified : 14/06/2004 11:09:22 AM



Conditional scan result:
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
New objects : 18
Objects found so far: 42


3:33:04 PM Scan complete

Summary of this scan
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Total scanning time :00:03:26:497
Objects scanned :44654
Objects identified :42
Objects ignored :0
New objects :42

#5 Guest_Plimsol_*

Guest_Plimsol_*

  • Guests

Posted 15 June 2004 - 10:45 AM

First, I advise that you move the hijackthis.exe file into its own folder like c:\hijackthis.

Now, reboot and please post a brand new hijackthis log. The last one looked a bit empty, but it is possible it was the whole thing. Let's just get a new log and start from scratch. Please do not clean anything yourself.



