
Absolute Mayhem! Going To Scrap Computer!


11 replies to this topic

#1 strongtrees

strongtrees

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 07 December 2006 - 01:34 PM

This is really aggravating!

Computer starts up very very slowly.

As soon as I try to use IE I get pop up after pop up. I can not do anything using IE.
Downloaded IE7, no better. In fact if I click on a new tab, IE7 shuts off.
Ran every spyware, malware, virus scan I can find, still no better.
Can't update using windows update. It seems like every time I try to do something that might improve the performance of the computer, it is stopped, blocked, or slowed down.
Couldn't run Housecall, Panda or Bit Defender.
Can't defrag!

Installed Firefox from a disc, I can actually get on the internet, but it is still slow.

Took forever to run Hijack this, but here is the logfile.
I see some entries that appear to be problems in the trusted zones, but want some professional advice!

Logfile of HijackThis v1.99.1
Scan saved at 12:39:39 PM, on 12/7/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mike"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWlrZQ\command.exe (file missing)
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
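
The following is an added example, not part of any post in this thread and not HijackThis's own code: a small Python triage of the log format shown above, which lists the trusted-zone entries the poster asks about and cross-checks "(file missing)" markers against the running-process list. The reason labels and the rules behind them are assumptions made for illustration; the sample lines are copied from the log above.

```python
import re

# Excerpt of the HijackThis log from the first post (lines copied from the thread).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\bWlrZQ\command.exe (file missing)
"""

# "R1 - ..." / "O15 - ..." : section code, separator, entry body.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# First drive-letter path ending in .exe inside an entry body.
EXE_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.exe', re.IGNORECASE)


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False
            entries.append((match.group("code"), match.group("body")))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
    return processes, entries


def review_reasons(code, body, running):
    """Return review labels for one entry (labels are this example's own)."""
    reasons = []
    if code == "O15":
        # Site listed in the IE Trusted Zone: confirm the user put it there.
        reasons.append("trusted-zone")
    if code == "O20" and body.partition(":")[2].strip():
        # Non-empty AppInit_DLLs value: DLL injected into GUI processes.
        reasons.append("appinit-dll")
    if code in ("R0", "R1") and "res://" in body:
        # IE page setting served from a resource inside a local DLL.
        reasons.append("ie-page-from-local-resource")
    if body.endswith("(no file)"):
        reasons.append("no-file")
    if body.endswith("(file missing)"):
        exe = EXE_RE.search(body)
        if exe and exe.group(0).lower() in running:
            # The binary is in the process list, so the marker is contradicted
            # by the log itself (here: a quoted command line with arguments).
            reasons.append("file-missing-but-running")
        else:
            reasons.append("file-missing")
    return reasons


def triage(text):
    """Return [(code, reasons, body)] for every entry that earned a label."""
    processes, entries = parse_log(text)
    running = {p.lower() for p in processes}
    findings = []
    for code, body in entries:
        reasons = review_reasons(code, body, running)
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<30}{body}")
```

Short (8.3) paths such as `C:\PROGRA~1\...` are not normalised, so the running-process cross-check only matches long-form paths.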



#2 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:03 AM

Posted 07 December 2006 - 02:32 PM

Hi strongtrees, :flowers:

We're studying your log right now and will be back to you a.s.a.p.

Thanks for your patience. :thumbsup:

#3 strongtrees

strongtrees
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 07 December 2006 - 02:57 PM

Thank you Falu,
Your assistance is greatly appreciated!

#4 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:06:03 AM

Posted 09 December 2006 - 11:12 AM

Hi strongtrees, :thumbsup:

Welcome to BleepingComputer Forums and thanks again for your patience.

1. Unfortunately I see no firewall in your running processes, which probably means that you have none. I urge you to install one since it's your first defense against malware. There are several good, free programmes available, like:

Sygate
Kerio
Zone alarm

For a tutorial on Firewalls click: Understanding and Using Firewalls!

2. We need to disable your Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

You may re-enable it again when your computer is clean; I will let you know!

3. Download combofix.exe
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

4. You already have AVG AntiSpyware 7.5 on your computer. Please update the database but do not run it yet.

5. Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 a few times before Windows loads. Select Safe Mode at the top, on the screen that appears.

6. Then run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
7. Go to your Program Files and rename Hijackthis.exe to Analyse.exe and then reboot.
After reboot, run Analyse.exe (which is hijackthis of course) and post the log it creates in your next reply.

Please post the AVG report along with the ComboFix report and a new HijackThis log.

#5 strongtrees

strongtrees
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:03 AM

Posted 04 January 2007 - 09:52 PM

Hey there Falu,
Sorry it took me so long to get back to you.
Holidays, Kids, Work Etc!
Hope your holidays were good.

Here is the info you requested. I really do appreciate the help.
Thanks again.


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:18:02 PM 12/15/2006

+ Scan result:



C:\WINDOWS\aff_0006.exe/AutoSearch.dll -> Adware.AutoSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\dana\Local Settings\Temp\cmfibula.exe -> Adware.CASClient : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{45BB1FA8-10CC-E652-7FA6-97FBCB7B4849} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{47C204A5-E895-96EB-426E-94589DE2EF1E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{49131BF8-B481-A120-9036-48F6347DFAFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4CBD9816-6536-6749-6F98-2632064A7FC9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{539B572E-7B0F-7CC3-9352-C94BF984726F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{57431542-0B78-C8F5-0587-4323710F1B6B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E42E71F-1508-1D07-6338-29CE7B59941D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5E69E594-649C-5E92-356E-8CDF7589910E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61675AEA-0AAC-FB29-2A8B-E712314B4A52} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6193F353-3FEC-F33C-C485-636D47657206} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64A6ABE0-9644-5928-19BA-9CBAE0E5D13F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64BC7D77-4AA1-8991-2D79-116794A9DB1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64CBC2F6-6BBC-FF4A-8C67-D64BFD312060} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{655E410A-DEC2-F00A-61F5-F4B2C0F1BA9B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{677E2C7E-9AA3-89B1-AE72-254C8C73C4D0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6792B86A-27D8-CE33-F604-0569F036A431} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{705AE961-E2F5-CF0B-A264-699350E41DFA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70AB6A13-94F0-513A-F548-18F7897AEA93} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{70DE2D85-F521-47F2-FB12-177FEB319E41} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{77915096-204D-E2F0-F041-8CEDC66033AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789B3E43-9906-36FD-7592-A738BC588C2E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8309C7B2-F8C1-1F6A-FA52-5B8262B95E89} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{85389C19-9846-3EB7-FED8-ECFDDEB7598A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{881B3769-6610-B1DD-8D28-C87339428317} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8A805C25-C0B7-1426-1D24-BC93152A99CA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8B118993-5C36-8BA8-1141-71794E0D9F1C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C64AEC0-374E-EFF7-DA12-C97865DA9CF1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{93078697-8C96-B847-0713-DCE94CF6F8F7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9971458F-29E5-772B-D55C-E681993738D1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B7B8469-5DD6-2CC3-6510-338DE167588F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CEBCC18-DB5B-C0AE-E15D-7FE93113A20F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A00A88C7-A514-E182-91E9-99A99BF6A8ED} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3C5C0CE-5122-E73A-AB92-E8EE67589A00} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3F4B373-10B4-9B2C-F81D-7C425AE33B07} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6CD064A-8D58-DA2B-316A-5BE3A2FBF453} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A8EAA16E-24CD-ADE3-F174-26ECDFA3DA2F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A927D1F4-E735-581F-E8AF-CE5C50848FE7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ADEB754D-254F-7D77-7CB8-010E3738C8C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4C70AC5-1984-E207-B7C5-928737E2FD56} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B5BD7347-E7F1-E898-884B-31D57750CDD6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B825595B-2058-BCA4-1A37-31A9B58CD033} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD48201E-CC0F-19E5-6199-DD26BA727B9D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C25AEDCA-B031-C73B-0FD1-AC9B52E73BD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C452088F-C45A-0FD0-E6B2-351678AE738C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C460249C-BE73-9D7B-DAA6-2381988C0497} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547AD1E-8BEF-930B-9B2C-B1DFC7FBE428} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C8AF5744-291F-65E5-70C2-E430C0AAF58E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC2A66A5-539A-852C-FA22-A3BD80E37FC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0D90AC7-FFCD-EA7E-B827-9D99D7655159} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D1EE8A52-EB75-BD6B-C698-94D3153A49FB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2849B41-0D7A-964C-9E0B-065FD249B70F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D815DA67-27CB-1169-9B2A-ABA388C50AC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D83DB071-E150-9662-50A0-83C2FF97C462} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DED9CF4B-166D-80F9-317A-BFF83166E09E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFA0B7F2-FEF2-BA8A-207A-5FEF3E86BEF1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E16EFF3B-8831-5123-9372-1E0B4CDF75E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5A932D6-23F4-5016-9ABB-AC2CAF1A53A0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{ED800884-CF0B-46CC-6B33-43B8AA363DE1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F675DBF0-254F-4477-D7AB-E5B54EB51227} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F7ABA7E2-3EE8-6A74-1A15-9D6E47A99372} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC90281A-715F-5453-5E27-FF1B02AE0DA5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF52B256-908C-69D9-AAC3-1B77E39910FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF6D6BE4-0644-EFEF-B7B9-4B57D7A01483} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKU\S-1-5-21-2888137882-3485517607-2614902147-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FF731508-CD28-E0B0-3E85-0CF55FDE9FBA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP203\A0086648.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP203\A0086649.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1324OU.exe -> Adware.YazzleSudoku : Cleaned with backup (quarantined).
C:\Documents and Settings\dana\Local Settings\Temporary Internet Files\Content.IE5\Q51MBM90\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.m : Cleaned with backup (quarantined).
:mozilla.111:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.13:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.14:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.19:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.20:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.21:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.43:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.52:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.53:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.160:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.41:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.42:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.43:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.44:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.45:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.62:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.63:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.64:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.65:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.66:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.17:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.81:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.57:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.142:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.168:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.169:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.170:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
:mozilla.68:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.100:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.102:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.103:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.153:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.154:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@ehg-maniatv.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.47:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.48:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Linksynergy : Cleaned.
:mozilla.121:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.146:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.148:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.151:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.196:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.197:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.82:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.83:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.84:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.27:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.104:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.105:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.106:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.107:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.96:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.97:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.17:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.24:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.28:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.29:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.30:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.31:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.32:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned.
:mozilla.29:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.30:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.31:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.32:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.33:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.34:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.80:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.85:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.86:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.87:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.88:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.89:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.92:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.158:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.55:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.56:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.57:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.58:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.59:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.60:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.61:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.176:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.137:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.140:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.144:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.145:C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\otinmuvx.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\Documents and Settings\mike\Cookies\mike@zedo[1].txt -> TrackingCookie.Zedo : Cleaned.
::Report end


_________________________________________________________

#6 strongtrees


Posted 04 January 2007 - 09:54 PM

mike - 06-12-15 11:41:56.71 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\mike"

((((((((((((((((((((((((((((((((((((((((((( E-Give / Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Documents and Settings\dana\Application Data\Dxcknwrd.dll
C:\Documents and Settings\jared\Application Data\Dxcdmns.dll
C:\Documents and Settings\jared\Application Data\Dxcknwrd.dll
C:\Documents and Settings\mike\Application Data\Dxcknwrd.dll


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files\Common Files\Yazzle1281OinUninstaller.exe
C:\WINDOWS\bWlrZQ

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MCROSO~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ASKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\CURITY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\FNTS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\MBOLS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\PPATCH~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM32~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2006-11-15 to 2006-12-15 ))))))))))))))))))))))))))))))))))


2006-12-15 11:43 0 -rahs---- C:\MSDOS.SYS
2006-12-15 11:43 0 -rahs---- C:\IO.SYS
2006-12-15 11:32 <DIR> d-------- C:\Program Files\Sunbelt Software
2006-12-15 10:11 118,804 --a------ C:\WINDOWS\SYSTEM32\lrwipdjy.dll
2006-12-09 17:09 <DIR> d-------- C:\WINDOWS\SYSTEM32\oodag
2006-12-07 13:49 <DIR> d-------- C:\Program Files\Java
2006-12-07 13:47 <DIR> d-------- C:\Program Files\Common Files\Java
2006-12-07 12:49 <DIR> d-------- C:\Program Files\OO Software
2006-12-07 12:14 126,996 --a------ C:\WINDOWS\SYSTEM32\djwefsbq.dll
2006-12-03 09:15 126,996 --a------ C:\WINDOWS\SYSTEM32\wtewqbrq.dll
2006-12-01 21:10 126,996 --a------ C:\WINDOWS\SYSTEM32\ptbyxwxn.dll
2006-12-01 21:09 132,116 --a------ C:\WINDOWS\SYSTEM32\hmknwtsh.dll
2006-11-28 21:41 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-28 21:14 <DIR> d-------- C:\Documents and Settings\mike\Application Data\SearchToolbarCorp
2006-11-28 21:12 88,340 --a------ C:\WINDOWS\SYSTEM32\jwlbgawt.exe
2006-11-28 21:09 126,996 --a------ C:\WINDOWS\SYSTEM32\fganyssf.dll
2006-11-28 21:08 42,516 --a------ C:\WINDOWS\SYSTEM32\lciaywre.dll
2006-11-24 11:55 3,840 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\BANTExt.sys
2006-11-24 11:55 <DIR> d-------- C:\Program Files\Belarc
2006-11-24 11:52 <DIR> d-------- C:\Documents and Settings\mike\Application Data\Mozilla
2006-11-24 11:47 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-11-23 23:19 38,420 --a------ C:\WINDOWS\SYSTEM32\nksarqxu.dll
2006-11-23 23:19 126,996 --a------ C:\WINDOWS\SYSTEM32\mmpmadqw.dll
2006-11-22 22:05 12,160 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\mouhid.sys
2006-11-22 22:03 9,600 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\hidusb.sys
2006-11-16 12:11 3,968 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\AvgAsCln.sys
2006-11-16 12:11 <DIR> d-------- C:\Program Files\Grisoft
2006-11-15 18:30 947,570 ---hs---- C:\WINDOWS\SYSTEM\yaplas.bak2


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-12-15 11:43 -------- d-------- C:\Program Files\Common Files
2006-12-07 12:40 6094 --a------ C:\Program Files\hijackthis 1.txt
2006-12-07 12:39 6094 --a------ C:\Program Files\hijackthis.log
2006-11-28 21:49 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 21:12 -------- d-------- C:\Program Files\VSAdd-in
2006-11-23 01:21 -------- d-------- C:\Program Files\PSDream
2006-11-18 08:10 -------- d-------- C:\Program Files\Microsoft Picture It! 2002
2006-11-12 14:19 -------- d-------- C:\Program Files\PhoneTools
2006-11-12 14:19 -------- d-------- C:\Program Files\Net Detective
2006-11-12 14:19 -------- d-------- C:\Program Files\Microsoft Works
2006-11-12 14:19 -------- d-------- C:\Program Files\America Online 7.0
2006-11-08 19:21 -------- d-------- C:\Program Files\PSCastor
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-11-02 13:27 -------- d-------- C:\Program Files\messenger
2006-11-02 13:25 -------- d-------- C:\Program Files\Windows Media Player
2006-11-02 13:21 -------- d-------- C:\Program Files\Outlook Express
2006-11-02 13:21 -------- d-------- C:\Program Files\Common Files\System
2006-11-02 12:32 -------- d-------- C:\Program Files\Windows Defender
2006-11-02 12:32 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-01 12:50 -------- d-------- C:\Program Files\Common Files\SearchUpgrader
2006-11-01 12:26 -------- d---s---- C:\Documents and Settings\mike\Application Data\Microsoft
2006-11-01 07:48 -------- d-------- C:\Program Files\Movie Maker
2006-11-01 07:44 -------- d-------- C:\Program Files\Windows NT
2006-11-01 07:44 -------- d-------- C:\Program Files\NetMeeting
2006-10-30 19:26 110612 --a------ C:\WINDOWS\SYSTEM32\sdajpmon.exe
2006-10-28 14:54 -------- d-------- C:\Program Files\Oberon Media
2006-10-28 14:52 -------- d-------- C:\Program Files\Common Files\Real
2006-10-28 14:40 98324 --a------ C:\WINDOWS\SYSTEM32\qxpexeno.dll
2006-10-27 21:58 -------- d-------- C:\Program Files\Alwil Software
2006-10-27 21:55 293 --a------ C:\WINDOWS\qygos.dll
2006-10-27 21:50 -------- d-------- C:\Program Files\Common Files\zkwi
2006-10-27 21:39 -------- d-------- C:\Program Files\Lavasoft
2006-10-27 21:39 -------- d-------- C:\Documents and Settings\mike\Application Data\Lavasoft
2006-10-27 21:26 -------- d-------- C:\Documents and Settings\mike\Application Data\GlarySoft
2006-10-27 21:20 -------- d-------- C:\Program Files\Online Services
2006-10-27 21:13 -------- d-------- C:\Program Files\Norton AntiVirus
2006-10-27 21:13 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-10-27 21:12 -------- d-------- C:\Program Files\Lavasoft Ad-aware
2006-10-27 21:08 0 -r------- C:\WINDOWS\SYSTEM32\javUBS.dll
2006-10-27 21:05 -------- d-------- C:\Program Files\Symantec
2006-10-27 20:56 96241 --ah----- C:\Documents and Settings\mike\Application Data\ptads.bin
2006-10-27 17:07 98324 --a------ C:\WINDOWS\SYSTEM32\lemlsmvl.dll
2006-10-22 21:33 98324 --a------ C:\WINDOWS\SYSTEM32\gluwtsmu.dll
2006-10-22 20:10 98324 --a------ C:\WINDOWS\SYSTEM32\gpwkngli.dll
2006-10-21 22:27 0 -r------- C:\WINDOWS\SYSTEM32\windo32.dll
2006-10-21 10:04 0 -r------- C:\WINDOWS\SYSTEM32\xjmbfrav.dll
2006-10-19 05:39 0 -r------- C:\WINDOWS\ierk.dll
2006-10-19 05:16 -------- d-------- C:\Program Files\Common Files\Ódobe
2006-10-19 05:10 32208 ---hs---- C:\Program Files\Common Files\Y1324OU.exe
2006-10-18 09:15 45056 --a------ C:\WINDOWS\System32uaw5wah6a.exe
2006-10-18 09:15 45056 --a------ C:\WINDOWS\SYSTEM32\uaw5wah6a.exe
2006-10-18 09:15 147456 --a------ C:\WINDOWS\aff_0006.exe
2006-10-18 09:14 433720 --a------ C:\WINDOWS\hancermm.exe
2006-10-18 09:14 -------- d-------- C:\Program Files\mm
2006-10-17 19:07 -------- d-------- C:\Program Files\Real
2006-10-17 18:55 -------- d-------- C:\Documents and Settings\mike\Application Data\MSN6
2006-10-17 18:54 -------- d-------- C:\Program Files\EA SPORTS
2006-10-17 18:37 -------- d-------- C:\Program Files\QuickTime
2006-10-17 17:50 -------- d--h----- C:\Program Files\WindowsUpdate
2006-10-17 12:06 78336 --a------ C:\WINDOWS\SYSTEM32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\SYSTEM32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\SYSTEM32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\SYSTEM32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\SYSTEM32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\SYSTEM32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\SYSTEM32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\SYSTEM32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\SYSTEM32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\SYSTEM32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\SYSTEM32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\SYSTEM32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\SYSTEM32\ieapfltr.dll
2006-10-17 10:02 0 -r------- C:\WINDOWS\SYSTEM32\netch.dll
2006-10-13 07:35 142336 --a------ C:\WINDOWS\SYSTEM32\nwprovau.dll
2006-10-05 02:26 274432 --a------ C:\WINDOWS\TLCUninstall.exe
2006-09-25 10:45 666240 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2006-09-25 10:37 90112 --a------ C:\WINDOWS\SYSTEM32\AVASTSS.scr
2006-09-24 15:58 616448 --a------ C:\WINDOWS\ClusterWorks STUPA.scr
2006-09-22 18:58 707 --a------ C:\WINDOWS\_DEFAULT.PIF


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\lrwipdjy.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"mike\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,ee,01,00,00,3b,01,00,00,dc,00,00,00,d0,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"PTRGMYGK"="rundll32.exe ptmg1v.dll,DllRunMain"
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"98D0CE0C16B1"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"{12EE7A5E-0674-42f9-A76B-000000004D00}"="rundll32.exe stlb2.dll,DllRunMain"
"SearchUpgrader"="C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\javUBS
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\salpay

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 06-12-15 11:50:50.07
C:\ComboFix.txt ... 06-12-15 11:50

Logfile of HijackThis v1.99.1
Scan saved at 10:55:19 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mike\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mike"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#7 strongtrees

strongtrees
  • Topic Starter

  • Members
  • 8 posts

Posted 04 January 2007 - 09:56 PM

Logfile of HijackThis v1.99.1
Scan saved at 10:55:19 AM, on 12/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mike\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mike"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#8 Falu

Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 January 2007 - 05:32 AM

Hi strongtrees,

Sorry it took me so long to get back to you.
Holidays, Kids, Work Etc!


No problem, whenever you're ready.

Okay, it's better to have more actual info: the AVG and ComboFix reports are from 15-12.

1. But to begin with: HJT creates backups and we want them safe and secure should they be required later. For that reason I recommend moving HijackThis to its own permanent location, as was the case looking at your first HijackThis log.
Create a folder on your C: drive: click Start > My Computer, open/double-click your C:\ drive, select New, next Folder and call it C:\hijackthis. Drag HijackThis into that folder!

2. Disable Windows Defender again:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

3. Run Combofix and post the report.

4. Update the AVG database but do not run it yet.

5. Reboot your computer into Safe Mode. To boot into Safe Mode, please restart your computer. Tap F8 a few times before Windows loads. Select Safe Mode at the top, on the screen that appears.

6. Run AVG Anti-Spyware 7.5 and click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action to Quarantine and ensure that Automatically generate report after every scan is selected and uncheck "Only if Threats are found"
  • Click back to the "Scan" tab and then click on Complete System Scan.
    This scan can take quite a while to run, so be prepared.
  • AVG Anti-Spyware 7.5 will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. AVG Anti-Spyware 7.5 will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (like on the Desktop).
7. Go to your Program Files and rename Hijackthis.exe to Analyse.exe and then reboot.
After reboot, run Analyse.exe (which is hijackthis of course) and post the log it creates in your next reply.

Please post the AVG report along with the ComboFix report and a new HijackThis log.
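
When a new HijackThis log comes back, it helps to compare it with the previous scan to see which entries survived the cleanup pass. The Python sketch below is an added example, not part of the thread and not HijackThis's own code; the function names are hypothetical, and the two sample logs are short excerpts of the 12/27/2006 and 1/20/2007 logs posted in this topic.

```python
import re

# HijackThis entry lines look like "<section> - <detail>", e.g. "O15 - Trusted Zone: ...".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = " (file missing)"

def parse_entries(log_text):
    """Map (section, detail) -> file_missing flag for every entry line.

    Header lines and the 'Running processes' paths do not match the entry
    pattern and are skipped. A trailing '(file missing)' marker is split off
    so the same entry can be matched across two scans.
    """
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, detail = m.group(1), m.group(2).strip()
        missing = detail.endswith(MISSING)
        if missing:
            detail = detail[: -len(MISSING)]
        entries[(section, detail)] = missing
    return entries

def _order(key):
    # Sort O4 before O15 (numeric, not lexical) and keep details stable.
    section, detail = key
    return (section[0], int(section[1:]), detail)

def diff_logs(old_text, new_text):
    """Compare two scans and classify every entry."""
    old, new = parse_entries(old_text), parse_entries(new_text)
    both = old.keys() & new.keys()
    now_missing = {k for k in both if new[k] and not old[k]}
    return {
        "added": sorted(new.keys() - old.keys(), key=_order),
        "removed": sorted(old.keys() - new.keys(), key=_order),
        "now_missing": sorted(now_missing, key=_order),   # file deleted, entry left behind
        "persisting": sorted(both - now_missing, key=_order),
    }

# Excerpt of the log saved 12/27/2006 (abridged from the thread).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
"""

# Excerpt of the log saved 1/20/2007 (abridged from the thread).
NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ctfmon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
"""

if __name__ == "__main__":
    for status, keys in diff_logs(OLD_LOG, NEW_LOG).items():
        print(f"== {status} ({len(keys)})")
        for section, detail in keys:
            print(f"   {section} - {detail}")
```

Entries reported as persisting are the ones the intervening scans did not touch, so they are the lines to review first in the next round.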

#9 strongtrees

strongtrees
  • Topic Starter

  • Members
  • 8 posts

Posted 21 January 2007 - 11:12 AM

Howdy there Falu,

Thanks for your patience.

Here we go:

Logfile of HijackThis v1.99.1
Scan saved at 1:26:14 PM, on 1/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\mike\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.eyeseek.com/firstsite.asp?b=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://smbusiness.dellnet.com/
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "mike"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://www.stonyfield.com/coupons/scriptX/smsx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe


mike - 07-01-20 11:53:51.57 Service Pack 2
ComboFix 06.11.27W - Running from: "C:\Documents and Settings\mike\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))



~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ Purity ~ ~ ~ ~ ~ ~ ~ ~~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

Folders Quarantined:

C:\QooBox\Purity\Program Files\MCROSO~1
C:\QooBox\Purity\Program Files\Common Files\PPATCH~1
C:\QooBox\Purity\Program Files\Common Files\SCURIT~1
C:\QooBox\Purity\Program Files\MCROSO~1\MCROSO~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ASKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\CROSOF~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\CURITY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\FNTS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\ICROSO~1.NET
C:\QooBox\Purity\WINDOWS\SYSTEM32\MBOLS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\PPATCH~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SEMBLY~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\SKS~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM32~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\STEM~1
C:\QooBox\Purity\WINDOWS\SYSTEM32\WNSXS~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-20 to 2007-01-20 ))))))))))))))))))))))))))))))))))


2007-01-20 11:47 <DIR> d-------- C:\hijack this
2007-01-19 09:45 81,684 --a------ C:\WINDOWS\SYSTEM32\yxdpisfr.dll
2007-01-12 09:46 81,684 --a------ C:\WINDOWS\SYSTEM32\kkfdebuw.dll
2007-01-11 14:46 <DIR> d-------- C:\WINDOWS\ie7updates
2007-01-11 13:21 <DIR> d-------- C:\rename_this_folder_back_to_sUBs_
2007-01-11 12:57 <DIR> d-------- C:\Documents and Settings\mike\Application Data\Adobe
2007-01-11 12:55 <DIR> d-------- C:\Program Files\Adobe
2007-01-11 12:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe
2007-01-11 12:43 <DIR> d-------- C:\Program Files\Common Files\Adobe
2007-01-09 16:24 132,116 --a------ C:\WINDOWS\SYSTEM32\qlpaoekb.dll
2007-01-08 15:35 81,684 --a------ C:\WINDOWS\SYSTEM32\whbgigwo.dll
2007-01-06 15:12 132,116 --a------ C:\WINDOWS\SYSTEM32\qdljqxrq.dll
2007-01-06 14:23 132,116 --a------ C:\WINDOWS\SYSTEM32\levgcgqx.dll
2007-01-01 15:22 81,684 --a------ C:\WINDOWS\SYSTEM32\eaxiqnis.dll
2006-12-30 15:45 1,057,670 ---hs---- C:\WINDOWS\SYSTEM\yaplas.ini2
2006-12-28 09:50 44,060 --a------ C:\WINDOWS\SYSTEM32\jduwaavl.dll
2006-12-27 09:50 81,684 --a------ C:\WINDOWS\SYSTEM32\dcyecnnl.dll
2006-12-24 11:35 131,604 --a------ C:\WINDOWS\SYSTEM32\ojllkpud.dll
2006-12-20 09:51 81,684 --a------ C:\WINDOWS\SYSTEM32\nxargmkp.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-20 10:56 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-15 11:40 -------- d-------- C:\Program Files\Java
2007-01-11 14:25 -------- d-------- C:\Program Files\VSAdd-in
2007-01-11 12:43 -------- d-------- C:\Program Files\Common Files
2006-12-21 18:31 -------- d-------- C:\Program Files\Net Detective
2006-12-18 12:58 -------- d-------- C:\Documents and Settings\mike\Application Data\Sun
2006-12-16 12:31 -------- d-------- C:\Program Files\Outlook Express
2006-12-16 12:31 -------- d-------- C:\Program Files\Common Files\System
2006-12-16 10:11 44052 --a------ C:\WINDOWS\SYSTEM32\oobbmiyn.dll
2006-12-15 11:43 0 -rahs---- C:\MSDOS.SYS
2006-12-15 11:43 0 -rahs---- C:\IO.SYS
2006-12-15 11:32 -------- d-------- C:\Program Files\Sunbelt Software
2006-12-15 10:11 118804 --a------ C:\WINDOWS\SYSTEM32\lrwipdjy.dll
2006-12-07 17:02 2174976 --a------ C:\WINDOWS\SYSTEM32\wmvcore.dll
2006-12-07 13:47 -------- d-------- C:\Program Files\Common Files\Java
2006-12-07 12:49 -------- d-------- C:\Program Files\OO Software
2006-12-07 12:40 6094 --a------ C:\Program Files\hijackthis 1.txt
2006-12-07 12:39 6094 --a------ C:\Program Files\hijackthis.log
2006-12-07 12:15 126996 --a------ C:\WINDOWS\SYSTEM32\djwefsbq.dll
2006-12-03 09:15 126996 --a------ C:\WINDOWS\SYSTEM32\wtewqbrq.dll
2006-12-01 21:10 126996 --a------ C:\WINDOWS\SYSTEM32\ptbyxwxn.dll
2006-12-01 21:09 132116 --a------ C:\WINDOWS\SYSTEM32\hmknwtsh.dll
2006-11-28 21:49 -------- d-------- C:\Program Files\Internet Explorer
2006-11-28 21:14 -------- d-------- C:\Documents and Settings\mike\Application Data\SearchToolbarCorp
2006-11-28 21:12 88340 --a------ C:\WINDOWS\SYSTEM32\jwlbgawt.exe
2006-11-28 21:10 126996 --a------ C:\WINDOWS\SYSTEM32\fganyssf.dll
2006-11-28 21:09 42516 --a------ C:\WINDOWS\SYSTEM32\lciaywre.dll
2006-11-24 11:55 -------- d-------- C:\Program Files\Belarc
2006-11-24 11:52 -------- d-------- C:\Documents and Settings\mike\Application Data\Mozilla
2006-11-23 23:19 38420 --a------ C:\WINDOWS\SYSTEM32\nksarqxu.dll
2006-11-23 23:19 126996 --a------ C:\WINDOWS\SYSTEM32\mmpmadqw.dll
2006-11-23 01:21 -------- d-------- C:\Program Files\PSDream
2006-11-08 00:06 679424 --a------ C:\WINDOWS\SYSTEM32\inetcomm.dll
2006-11-07 21:03 6049280 --------- C:\WINDOWS\SYSTEM32\ieframe.dll
2006-11-07 21:03 50688 --------- C:\WINDOWS\SYSTEM32\msfeedsbs.dll
2006-11-07 21:03 458752 --------- C:\WINDOWS\SYSTEM32\msfeeds.dll
2006-11-07 21:03 413696 --a------ C:\WINDOWS\SYSTEM32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\SYSTEM32\webcheck.dll
2006-11-07 21:03 180736 --------- C:\WINDOWS\SYSTEM32\ieui.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\SYSTEM32\msls31.dll
2006-11-07 03:27 382976 --a------ C:\WINDOWS\SYSTEM32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\SYSTEM32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\SYSTEM32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\SYSTEM32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\SYSTEM32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\SYSTEM32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\SYSTEM32\ieakeng.dll
2006-11-07 03:26 13312 --a------ C:\WINDOWS\SYSTEM32\ieudinit.exe
2006-11-07 03:26 123904 --a------ C:\WINDOWS\SYSTEM32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\SYSTEM32\ieakui.dll
2006-10-30 19:26 110612 --a------ C:\WINDOWS\SYSTEM32\sdajpmon.exe
2006-10-28 14:40 98324 --a------ C:\WINDOWS\SYSTEM32\qxpexeno.dll
2006-10-27 21:55 293 --a------ C:\WINDOWS\qygos.dll
2006-10-27 21:08 0 -r------- C:\WINDOWS\SYSTEM32\javUBS.dll
2006-10-27 20:56 96241 --ah----- C:\Documents and Settings\mike\Application Data\ptads.bin
2006-10-27 17:07 98324 --a------ C:\WINDOWS\SYSTEM32\lemlsmvl.dll
2006-10-22 21:33 98324 --a------ C:\WINDOWS\SYSTEM32\gluwtsmu.dll
2006-10-22 20:10 98324 --a------ C:\WINDOWS\SYSTEM32\gpwkngli.dll
2006-10-21 22:27 0 -r------- C:\WINDOWS\SYSTEM32\windo32.dll
2006-10-21 10:04 0 -r------- C:\WINDOWS\SYSTEM32\xjmbfrav.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Windows Defender"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_09\\bin\\jusched.exe\""
"DllRunning"="rundll32.exe \"C:\\WINDOWS\\system32\\lrwipdjy.dll\",setvm"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservicesonce]
"washindex"="C:\\Program Files\\Washer\\washidx.exe \"mike\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,ee,01,00,00,3b,01,00,00,dc,00,00,00,d0,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}"="Microsoft AntiMalware ShellExecuteHook"
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"="rundll32.exe E6F1873B.DLL,D9EBC318C"
"PTRGMYGK"="rundll32.exe ptmg1v.dll,DllRunMain"
"AdaptecDirectCD"="\"C:\\Program Files\\Adaptec\\Easy CD Creator 5\\DirectCD\\DirectCD.exe\""
"98D0CE0C16B1"="rundll32.exe D0CE0C16B1,D0CE0C16B1"
"{12EE7A5E-0674-42f9-A76B-000000004D00}"="rundll32.exe stlb2.dll,DllRunMain"
"SearchUpgrader"="C:\\Program Files\\Common files\\SearchUpgrader\\SearchUpgrader.exe"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\javUBS
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\salpay

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\MP Scheduled Scan.job

Completion time: 07-01-20 11:56:47.23
C:\ComboFix.txt ... 07-01-20 11:56
C:\ComboFix2.txt ... 07-01-11 13:24
C:\ComboFix3.txt ... 06-12-15 11:50

#10 strongtrees

Posted 21 January 2007 - 11:14 AM

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:11:10 PM 1/20/2007

+ Scan result:



C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP222\A0089907.exe -> Adware.LinkMaker : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP222\A0089908.exe -> Adware.LinkMaker : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP222\A0089906.exe -> Adware.SearchAssistant : Cleaned with backup (quarantined).
:mozilla.20:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.22:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.23:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.24:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.32:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.33:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.35:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.36:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.38:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.34:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.39:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.40:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.41:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.42:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.43:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.44:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.45:C:\Documents and Settings\dana\Application Data\Mozilla\Firefox\Profiles\jefzqwol.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP222\A0089905.dll -> Trojan.Agent.acl : Cleaned with backup (quarantined).


::Report end


THANK YOU

#11 Falu

  • Security Colleague
  • 3,001 posts
  • Gender:Male
  • Location:The Netherlands

Posted 23 January 2007 - 04:22 AM

Hi strongtrees, :thumbsup:

Thanks for your patience.


I have no problem being patient but it would help both of us if you followed my instructions:

1. HijackThis is still run from a temp file;
2. HijackThis has not been renamed and run.

Keep in mind that your computer is heavily infected so we'll have some work to do to clean it.

Please print out these instructions so that you have a hard copy of these instructions. You will need to keep Internet Explorer and Windows Explorer (including My Computer) closed throughout the entire process. Furthermore, I suggest reading through them before doing anything so you know what you're supposed to do.

1. Create a folder on your C: drive: click Start > My Computer, open/double-click your C:\ drive, select New, next Folder and call it C:\hijackthis. Drag HijackThis into that folder!

2. Disable Windows Defender again:

Open Windows Defender.
Click on Tools, General Settings.
Scroll down and uncheck Turn on real-time protection (recommended).
After you uncheck this, click on the Save button and close Windows Defender.

3. Click on Start, Settings, Control Panel and double-click on Add or Remove Programs. From within Add or Remove Programs uninstall the following programs if listed:

VSToolbar for Internet Explorer
PSDream
SearchUpgrader


4. Download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

5. Download Intermute's CWShredder from here:
http://cwshredder.net/bin/CWShredder.exe
Save it to the desktop but do NOT run it yet.

6. Next download About:Buster from here:
http://www.malwarebytes.org/AboutBuster.zip
Unzip it to the desktop (right-click on it and choose Extract all) but do NOT run it yet.

7. Update AVG AntiSpyware once more but do NOT run it yet.

8. Reboot and as the computer starts up, just before Windows starts to load, tap the F8 key a few times and then choose Safe Mode from the menu that will appear.

9. Once in Safe Mode, please run CWShredder, and click Fix.

10. Next run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

11. Then run AVG AntiSpyware, and run a full scan. Save the log from the scan for me.

12. Run HijackThis, click Scan, and check:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe


Close all open windows except for HijackThis and click Fix Checked.

13. Make sure you can view all files. Click Start > My Computer > Tools > Folder Options > View. Check "Show hidden files and folders", uncheck "Hide protected operating system files" and "Hide extensions for known file types". Click "Apply to all folders" > Apply, then OK.

14. Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete the following folders in bold if listed:

C:\Program Files\VSAdd-in
C:\Program Files\PSDream

.......... and files in bold if listed:

C:\WINDOWS\system32\lrwipdjy.dll
C:\Program Files\Internet Explorer\nkpva.exe
C:\WINDOWS\SYSTEM32\yxdpisfr.dll
C:\WINDOWS\SYSTEM32\kkfdebuw.dll
C:\WINDOWS\SYSTEM32\qlpaoekb.dll
C:\WINDOWS\SYSTEM32\whbgigwo.dll
C:\WINDOWS\SYSTEM32\qdljqxrq.dll
C:\WINDOWS\SYSTEM32\levgcgqx.dll
C:\WINDOWS\SYSTEM32\eaxiqnis.dll
C:\WINDOWS\SYSTEM\yaplas.ini2
C:\WINDOWS\SYSTEM32\jduwaavl.dll
C:\WINDOWS\SYSTEM32\dcyecnnl.dll
C:\WINDOWS\SYSTEM32\ojllkpud.dll
C:\WINDOWS\SYSTEM32\nxargmkp.dll
C:\WINDOWS\SYSTEM32\oobbmiyn.dll
C:\WINDOWS\SYSTEM32\djwefsbq.dll
C:\WINDOWS\SYSTEM32\wtewqbrq.dll
C:\WINDOWS\SYSTEM32\ptbyxwxn.dll
C:\WINDOWS\SYSTEM32\hmknwtsh.dll
C:\WINDOWS\SYSTEM32\jwlbgawt.exe
C:\WINDOWS\SYSTEM32\fganyssf.dll
C:\WINDOWS\SYSTEM32\lciaywre.dll
C:\WINDOWS\SYSTEM32\nksarqxu.dll
C:\WINDOWS\SYSTEM32\mmpmadqw.dll
C:\WINDOWS\SYSTEM32\ieui.dll
C:\WINDOWS\SYSTEM32\ieudinit.exe
C:\WINDOWS\SYSTEM32\sdajpmon.exe
C:\WINDOWS\SYSTEM32\qxpexeno.dll
C:\WINDOWS\qygos.dll
C:\WINDOWS\SYSTEM32\javUBS.dll
C:\Documents and Settings\mike\Application Data\ptads.bin
C:\WINDOWS\SYSTEM32\lemlsmvl.dll
C:\WINDOWS\SYSTEM32\gluwtsmu.dll
C:\WINDOWS\SYSTEM32\gpwkngli.dll
C:\WINDOWS\SYSTEM32\windo32.dll
C:\WINDOWS\SYSTEM32\xjmbfrav.dll

Let me know if you had problems with this step.

15. Clean your Cache and Cookies in IE:

* Close all instances of Outlook Express and Internet Explorer
* Go to Control Panel > Internet Options > General tab
* Click the "Delete Cookies" button
* Next to it, Click the "Delete Files" button
* When prompted, place a check in: "Delete all offline content", click OK

Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):

* Go to Tools > Options.
* Click Privacy in the menu on the left side of the Options window.
* Click the Clear button located to the right of each option (History, Cookies, Cache).
* Click OK to close the Options window
Alternatively, you can clear all information stored while browsing by clicking Clear All.
A confirmation dialog box will be shown before clearing the information.

Clean other Temporary files + Recycle bin

* Go to start > run and type: cleanmgr and click ok.
* Let it scan your system for files to remove.
* Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
* Press OK to remove them.

16. Restart your computer to go back into Normal Mode.

17. Download DelDomains.inf and unzip it to your desktop.

Right-click on the deldomains.inf file that you saved earlier on your desktop and select 'Install'

This will remove all entries in the "Trusted Zone" and "Ranges" also. You will have to reimmunize with Spybot after doing this.

18. Open Notepad and copy and paste the following text in the quotebox into it:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"=-
"PTRGMYGK"=-
"98D0CE0C16B1"=-
"{12EE7A5E-0674-42f9-A76B-000000004D00}"=-
"SearchUpgrader"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify]
"javUBS"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify]
"salpay"=-

[-HKEY_CLASSES_ROOT\CLSID\{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB}]

[-HKEY_CLASSES_ROOT\CLSID\{12EE7A5E-0674-42f9-A76B-000000004D00}]


Save the file to the desktop as fix.reg and make sure the "Save as Type" field says "All Files". Then please go to the desktop and double-click on fix.reg, and click Yes to merge it with the registry.

19. You're using an outdated version of Java (latest one is Java Runtime Environment (JRE) 6.0). Older versions have vulnerabilities that malware can use to infect your system. Please update and remove the older versions. Do the following:
  • Go to Start > Control Panel double-click on the Software icon > add/remove programs.
  • Search in the list for all previous installed versions of Java. (J2SE Runtime Environment.... )

    It should have next icon next to it: Posted Image
    Select it and click Remove.
  • Then Download and install the newest version from here:

    Java Runtime Environment (JRE) 6.0
Please reboot again and post the AVG report together with the AboutBuster log and a new HijackThis log.
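
Added example (not part of Falu's post and not HijackThis's own logic): a small Python triage pass over HijackThis log lines that flags the kinds of entries selected in step 12. The heuristics, the `triage` function name and the two benign sample lines are assumptions made for illustration; a match is a reason to review an entry, not a verdict.

```python
import re

# Entries copied from step 12 of the post, plus two constructed benign
# lines (ExampleTray, update.example.com) to show what is left unflagged.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\naasm.dll/sp.html#28129%resultposition.net
O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll (file missing)
O4 - HKLM\..\Run: [DllRunning] rundll32.exe "C:\WINDOWS\system32\lrwipdjy.dll",setvm
O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe"
O15 - Trusted Zone: *.adgate.info (HKLM)
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\nkpva.exe
O16 - DPF: {00000000-0000-0000-0000-000000000001} - https://update.example.com/control.cab
"""

# A HijackThis entry is "<section code> - <details>", e.g. "O15 - Trusted Zone: ...".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# (section codes, pattern on the details, reason). Illustrative heuristics only.
RULES = [
    (("R0", "R1"), re.compile(r"= res://.+\.dll/", re.I),
     "IE search/start page served from a local DLL resource"),
    (("O3",), re.compile(r"\(file missing\)$"),
     "toolbar still registered but its DLL is missing"),
    (("O4",), re.compile(r'rundll32(\.exe)?\s+"?[a-z]:\\windows\\system32\\[^\\"]+\.dll', re.I),
     "Run key loads a system32 DLL through rundll32"),
    (("O15",), re.compile(r"^Trusted Zone: \*\."),
     "wildcard domain placed in the IE Trusted Zone"),
    (("O16",), re.compile(r" - file://", re.I),
     "ActiveX download source is a local file"),
]

def triage(log_text):
    """Return (code, reason, details) for each entry matching a heuristic."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # log header, process list, blank lines
        for codes, pattern, reason in RULES:
            if m["code"] in codes and pattern.search(m["body"]):
                findings.append((m["code"], reason, m["body"]))
                break
    return findings

if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{reason}\n    {body}")
```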
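
Added example (not part of the original post): before merging a file like the fix.reg from step 18, this Python script lists every change the file would make, separating `"name"=-` (delete one value) from `[-KEY]` (delete a whole key). The `audit_reg` name is hypothetical, the embedded text is an abridged copy of the file from step 18, and multi-line (backslash-continued) values are assumed absent, as they are in that file.

```python
import re

# Abridged copy of the fix.reg text from step 18, embedded so this runs offline.
FIX_REG = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"A70F6A1D-0195-42a2-934C-D8AC0F7C08EB"=-
"SearchUpgrader"=-

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify]
"javUBS"=-

[-HKEY_CLASSES_ROOT\CLSID\{A70F6A1D-0195-42a2-934C-D8AC0F7C08EB}]
"""

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
KEY_LINE = re.compile(r"^\[(?P<minus>-?)(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^(?:"(?P<name>(?:[^"\\]|\\.)*)"|(?P<default>@))=(?P<data>.*)$')

def audit_reg(text):
    """List every change a .reg file makes as (action, key, value_name)."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith(HEADERS):
        raise ValueError("not a .reg file: missing header line")
    actions, key = [], None
    for raw in lines[1:]:
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        k = KEY_LINE.match(line)
        if k:
            if k["minus"]:  # [-KEY]: the key and everything under it is removed
                actions.append(("delete-key", k["key"], None))
                key = None
            else:
                key = k["key"]
            continue
        v = VALUE_LINE.match(line)
        if v and key:
            name = "(Default)" if v["default"] else v["name"]
            # "name"=- removes that one value; anything else writes data
            kind = "delete-value" if v["data"] == "-" else "set-value"
            actions.append((kind, key, name))
    return actions

if __name__ == "__main__":
    for action, key, name in audit_reg(FIX_REG):
        print(f"{action:<13}{key}" + (f"  ->  {name}" if name else ""))
```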

#12 strongtrees

  • Topic Starter

  • Members
  • 8 posts

Posted 28 January 2007 - 10:26 AM

Thanks again
Sorry for frustrating you.
This is all new to me.
I will follow your instructions line by line and will then get back to you.

Hope to get to it sometime this week. Working a lot.

Thanks.



