I hope you can help


  • This topic is locked
183 replies to this topic

#1 kaminikij

Authentic Member, 111 posts

Posted 03 September 2005 - 10:38 AM

Hi, I'm very new here and must tell you up front, not very computer smart. I have been having problems with my computer and the wonderful people at PC Pitstop suggested I post a HijackThis log here. I am running Windows XP SP2. One of the problems I am having is when I try to go to certain shopping websites I am immediately knocked offline (I guess I should say I am on a cable modem). I also receive a lot of error messages such as "page cannot be displayed", "done with errors on the page", "page not found" etc. I also find my computer is OK when I turn it on in the morning, but after I reboot (e.g. after my AVG updates) my computer isn't stable. After downloading H.J. I feel like I am forcing this machine to run. I don't know how else to explain. To my untrained eye nothing in this log looks unusual
so I'm at a loss to know if I have a spyware

Logfile of HijackThis v1.99.1
Scan saved at 12:12:46 PM, on 9/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = adelphia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

problem or conflicts on my computer. Only a week ago I spent $60 bucks with the Geek Squad and they don't have a clue.
Anyway here is the log, and thanks in advance. I hope I explained myself enough, that's part of the problem too.

Edited by kaminikij, 03 September 2005 - 10:39 AM.

#2 Siggyx

SuperHelper, Authentic Member, 6,776 posts

Posted 09 September 2005 - 07:12 AM

Hi and welcome to the forum. :D

Step # 1

Please download and run CWShredder. Make sure that all browser windows are closed with the exception of CWShredder and choose FIX.

http://www.majorgeek...7fd6b3ff02edc90

REBOOT

Step #2

Please download and run Spybot 1.4 & AdAware SE. Then follow the instructions in the link below to run.

Spybot & Adaware Tutorial

REBOOT

Step # 3

Then do a virus scan here >>> Trend Micro

Step # 4

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Install it, and update the definitions to the newest files.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.

#3 kaminikij

Posted 09 September 2005 - 08:36 AM

Hi and thanks for the help! My Trend Micro anti-spyware has CWShredder installed. It picks up cws.msconfig every time in safe mode. Yesterday I downloaded a separate copy to be sure and the same. Problem is I can't find it on my computer now. Should I do again? I already have Ad-Aware and keep it updated always but I will go now and download Spybot again. I have been using the Trend Micro online scan (virus and spyware) almost every day. Finds nothing but cookies. I also have Ewido installed and it finds nothing. This morning I ran the beta version of the Ewido online scan and all it came up with was 7 spyware cookies. Yesterday when I ran Trend Micro (in safe mode), removed the cws thing and closed the program, there was another window behind it that said "an error occurred while scanning IE plugins. An unexpected error was encountered" Error# 0x80004003. Not a clue what that means but that's what prompted me to download CWShredder. I am going now to download Spybot!

#4 kaminikij

Posted 09 September 2005 - 01:16 PM

OK, I did it all. Trend Micro/CWShredder again found and removed cws.msconfig. Spybot removed coolwwssearch and aveA.inc. Ewido found nothing. kaminikij

#5 Siggyx

Posted 09 September 2005 - 01:18 PM

Can I see a new HijackThis log please.

#6 kaminikij

Posted 09 September 2005 - 01:24 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:19:16 PM, on 9/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\John\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.adelphia.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = adelphia.net
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://download.ewid...oOnlineScan.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

#7 Siggyx

Posted 09 September 2005 - 01:36 PM

Scan with HijackThis and put a check beside these lines and choose FIX

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank


Let's do a deep scan.

Please download MicroWorld scanner from the link below. Make sure that you choose all files and directories. I warn that the scan will take a long time and will not fix anything. Once the scan is completed, in the LOWER box highlight all the files there, then copy (Ctrl+C) and paste it into the thread please.

Here >>>> http://www.mwti.net/antivirus/mwav.asp

#8 kaminikij

Posted 09 September 2005 - 02:48 PM

OK removed them both. Going to download the software now.

#9 kaminikij

Posted 09 September 2005 - 04:47 PM

It keeps telling me the post is too long.

#10 kaminikij

Posted 09 September 2005 - 05:07 PM

Siggyx, after posting it said the file will be saved. Will you have access to this? I'm so sorry I'm having such a hard time with this. Or should I download and try again?

#11 kaminikij

Posted 09 September 2005 - 07:40 PM

I have tried 3 times to add the log file. It's huge and when I try to post either it tells me the file is too long and will be saved or I get timed out. It did find cwsearch among other things, a huge amount of errors and some files could scan or something. I know I need to get this to you but how? Is there any other way? Now I'm starting to panic.

#12 kaminikij

Posted 10 September 2005 - 05:20 AM

Fri Sep 09 20:04:41 2005 => **********************************************************
Fri Sep 09 20:04:41 2005 => MicroWorld Anti Virus & Spyware Toolkit Utility.
Fri Sep 09 20:04:41 2005 => Copyright © 2003-2005, MicroWorld Technologies Inc.
Fri Sep 09 20:04:41 2005 =>
Fri Sep 09 20:04:41 2005 => Support: support@mwti.net
Fri Sep 09 20:04:41 2005 => Web: http://www.mwti.net
Fri Sep 09 20:04:41 2005 => **********************************************************
Fri Sep 09 20:04:41 2005 => Version 7.1.4 (C:\DOCUME~1\John\LOCALS~1\Temp\mwavscan.com)
Fri Sep 09 20:04:41 2005 => Log File: C:\DOCUME~1\John\LOCALS~1\Temp\MWAV.LOG
Fri Sep 09 20:04:41 2005 => User Account: John
Fri Sep 09 20:04:41 2005 => Windows Root Folder: C:\WINDOWS
Fri Sep 09 20:04:41 2005 => Windows Sys32 Folder: C:\WINDOWS\system32
Fri Sep 09 20:04:41 2005 => OS: Windows NT
Fri Sep 09 20:04:41 2005 => Latest Date of files inside MWAV: 09 Sep 2005 08:02:44.

Fri Sep 09 20:04:41 2005 => Options Selected by User:
Fri Sep 09 20:04:41 2005 => Memory Check: Enabled
Fri Sep 09 20:04:41 2005 => Registry Check: Enabled
Fri Sep 09 20:04:41 2005 => StartUp Folder Check: Enabled
Fri Sep 09 20:04:41 2005 => System Folder Check: Enabled
Fri Sep 09 20:04:41 2005 => System Area Check: Disabled
Fri Sep 09 20:04:41 2005 => Services Check: Enabled
Fri Sep 09 20:04:41 2005 => Drive Check: Disabled
Fri Sep 09 20:04:41 2005 => All Drive Check :Enabled
Fri Sep 09 20:04:41 2005 => Folder Check: Enabled
Fri Sep 09 20:04:41 2005 => Folder Selected = C:\WINDOWS

Fri Sep 09 20:04:41 2005 => ***** Scanning Memory Files *****
Fri Sep 09 20:04:54 2005 => Scanning File C:\WINDOWS\system32\cabview.dll
Fri Sep 09 20:04:54 2005 => Scanning File C:\DOCUME~1\John\LOCALS~1\Temp\mwavscan.com
Fri Sep 09 20:04:54 2005 => Scanning File C:\DOCUME~1\John\LOCALS~1\Temp\msvlclnt.dll
Fri Sep 09 20:04:55 2005 => Scanning File C:\DOCUME~1\John\LOCALS~1\Temp\kavssdi.dll
Fri Sep 09 20:04:55 2005 => Scanning File C:\DOCUME~1\John\LOCALS~1\Temp\kavssd.dll

#13 kaminikij

Posted 10 September 2005 - 10:52 AM

Object "cws.therealsearch Spyware/Adware" found in File System! Action Taken: No Action Taken.

#14 kaminikij

Posted 10 September 2005 - 10:56 AM

#15 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 11 September 2005 - 07:27 AM

Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available.

After downloading the tools, you must disconnect from the internet totally, because staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer and Outlook Express closed throughout as opening either will reinstall the infection.

To replace Internet Explorer to use during this fix, please use Internet Explorer once to download and install Firefox, to be used as your alternate browser throughout this fix.

Close Outlook Express and Internet Explorer for the duration of this fix

:Download About Buster Do Not Use Yet

1. Please download About:Buster from here: http://www.malwareby...boutBuster5.zip.

2. Once it is downloaded extract it to c:\aboutbuster.

3. Check to make sure it is up-to-date. Please Do NOT use it yet

Next

:Download CWShredder Do Not Use Yet

1. Please Download the most recent version of CWShredder, from CWSInstall.exe

2. Check for Updates but please Do NOT use it yet

NEXT

:Download A Registry File to Remove Registry Entries Do Not Use Yet
  • Please download the following zip file to your desktop:
    HSfix
  • Double Click on HSfix.zip and it will unzip to a new folder it makes on your desktop, called HSfix
  • Do Not Use It Yet
NEXT

:Download Registrar Lite Do Not Use Yet

Another program to download is Registrar Lite for use later: Please download Registrar Lite and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use. Caution should be exercised when editing the registry as it is very easy to render a computer unbootable by deleting the wrong key.



Boot to safe mode.


: Backup The Registry

In the next step we are going to remove a service that gets installed by this malware.

1. Open Registrar Lite and run it.

2. Copy and paste the bold text below into the address bar of Registrar Lite (this is making a Registry backup for safety in case of error):

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

Go to File > Export and save as (in the C:\Program Files\Registrar Lite (Reglite) folder):

1.) Winkey.reg (Save as type: regedit4 .reg type)
2.) Winkey.hiv (Save as type: Scroll to select-regedt32/WinAPI *hiv *dat files)



: Use the HSfix.reg file
  • Navigate to the HSfix folder on your Desktop
  • Then double-click on the HSfix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.
  • If you have a popup from any of your protection programs asking if you want to make a change to the registry, say Yes or Accept it.

:Fixing With CWShredder
  • CLOSE ALL WINDOWS except CWShredder
  • Run the program by clicking 'fix' and letting it fix all CWS remnants.


:Fixing With About Buster

This is the step where we will use About:Buster that you had downloaded previously.
  • Navigate to the c:\aboutbuster directory
  • Double-click on aboutbuster.exe
  • When the tool opens press the OK button, then Start button, then the OK button, then finally the Yes button. It will start scanning your computer for files.
  • If it asks if you would like to do a second pass, allow it to do so.
  • Post the log file in your next reply


:Scan With Ewido Security Suite
  • Launch Ewido again
  • Click on Scanner>Complete System Scan.
  • Let the program scan your PC.
  • When the scan asks to clean files click OK.
  • When scan is completed, click Save report to your desktop.
  • Post the report in your next reply.

Reboot your computer back to normal mode and

Reconnect To The Internet



:Scan and Post a New HJT log with other logs
  • Scan again with HijackThis.
  • Post your logs from HijackThis, About Buster, and Ewido Security Suite here in this thread with any questions or problems that you have run into.
  • There are still some steps that are necessary to clear out all of the malware. There will be necessary files that it has deleted that will need to be replaced.
Good Luck!
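A .reg file such as the HSfix.reg mentioned in the post above is plain text, so it can be read before it is merged to see which keys and values it deletes or sets, and whether those changes fall inside the registry branch that was backed up. The following is an added example, not part of the original post and not the contents of HSfix.reg; the sample file, its key names and the functions summarize_reg and outside_backup are constructed for illustration.

```python
import re

# Branch exported in the backup step of the post above.
BACKUP_ROOT = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet"

# Constructed sample in REGEDIT4 syntax. Key and value names are placeholders;
# this is NOT the content of the HSfix.reg file from the post.
SAMPLE_REG = r'''REGEDIT4

; lines starting with a semicolon are comments
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ExampleService]

[HKEY_LOCAL_MACHINE\SOFTWARE\Example\Settings]
"StartPage"="about:blank"
"StaleValue"=-
@="default text"
"Flags"=dword:00000001
"Blob"=hex:01,02,\
  03,04

[HKEY_CURRENT_USER\Software\Example]
'''

HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")
KEY_RE = re.compile(r'^\[(-?)(HK[^\]]+)\]$')
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')


def logical_lines(text):
    """Yield non-empty, non-comment lines, joining continuations that end in a backslash."""
    pending = ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):      # hex data continued on the next line
            pending = line[:-1]
            continue
        if line and not line.startswith(";"):
            yield line


def summarize_reg(text):
    """Return (operation, key, detail) tuples for already-decoded .reg text."""
    lines = list(logical_lines(text))
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing header line")
    ops, current = [], None
    for line in lines[1:]:
        m = KEY_RE.match(line)
        if m:
            if m.group(1):           # "[-KEY]" deletes the key and its subkeys
                ops.append(("DELETE_KEY", m.group(2), None))
                current = None
            else:                    # "[KEY]" opens the key, creating it if absent
                current = m.group(2)
                ops.append(("OPEN_KEY", current, None))
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            kind = "DELETE_VALUE" if m.group(2) == "-" else "SET_VALUE"
            ops.append((kind, current, name))
            continue
        ops.append(("UNPARSED", current, line))   # surface anything unexpected
    return ops


def outside_backup(ops, backup_root=BACKUP_ROOT):
    """Return the operations that touch keys outside the backed-up branch."""
    root = backup_root.rstrip("\\").lower()
    result = []
    for kind, key, detail in ops:
        k = (key or "").lower()
        if not (k == root or k.startswith(root + "\\")):
            result.append((kind, key, detail))
    return result


if __name__ == "__main__":
    operations = summarize_reg(SAMPLE_REG)
    for op in operations:
        print(op)
    print("not covered by the backup:", len(outside_backup(operations)))
```

Files with the "Windows Registry Editor Version 5.00" header are normally saved as UTF-16, so decode them before passing the text to summarize_reg.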
