IE Hijack


3 replies to this topic

#1 mrouldug
New Member, 2 posts

Posted 24 October 2004 - 07:41 AM

I am a newbie who's been trying to get rid of a nasty hijack of my Internet Explorer for the last month or so. The home page is now a lousy portal page + search engine with "warning" and "spyware removal" windows popping up every five minutes, and they are really annoying.

I've been running Ad-Aware and spyremoval, and I've been unsuccessful. I then cleared all the temp files, ran HijackThis, and looked at all files one after the other. I removed the R1 files, but to no avail.

Can someone orient me to the right forum? I suspect this has been solved before.

Thanks.

Martin

Logfile of HijackThis v1.97.7
Scan saved at 15:29:39, on 24/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\wm.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Spoke Client\SpokeSysTray.exe
C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Palm\HOTSYNC.EXE
C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\documents and Settings\ebay860\Desktop\HijackThis.exe
C:\PROGRA~1\INCRED~1\bin\IncMail.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pia.fr.schnei.../data/proxy.pac
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: (no name) - {12A41030-22E0-4423-8077-33E830BDB29F} - C:\WINDOWS\System32\cepaie.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks\bin\HLIeBar.dll
O3 - Toolbar: Spoke - {4FC00340-F75E-4EB5-880C-651A8A76965F} - C:\Program Files\Spoke Client\SpokeToolBand.dll
O3 - Toolbar: Vivisimo - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Vivisimo\Toolbar\toolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GuruNet\Toolbar\GuruNetToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [SpokeSysTray] "C:\Program Files\Spoke Client\SpokeSysTray.exe" -w
O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Vivisimo Meta-Search - res://C:\Program Files\Vivisimo\Toolbar\toolbar1.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: MT It! - http://blog.mopsos.c...s&bm_height=880
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Swarming (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Newz Crawler (HKLM)
O9 - Extra 'Tools' menuitem: Newz Crawler (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.c...GNInstaller.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {1D88A37D-B626-4C6F-96C9-6E8AD61C2412} (InstallHelper Class) - http://survey.prod.t...stallHelper.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.pl...quicksilver.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...RdxIE601_fr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - https://www.projectl.../dolcontrol.cab
O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodconta...oodContacts.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {715A3997-ADE8-4399-AD92-353958D75076} (XUpdater Control) - http://www.bluefalco...0.01/SS_POC.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8054.2411689815
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.micr...N-US/msorun.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://139.160.63.14...aDownloader.cab
O16 - DPF: {B25BC1C3-8A1B-459C-92E2-2D21025AD7CF} (Installer Class) - https://center.spoke...SpokeClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://worldcomssl....bex/ieatgpc.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://e2.eroom.com/...etup/client.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 139.160.77.13 139.160.111.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 139.160.77.13 139.160.111.43
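The R1 entries came back after being removed by hand, so a helper reads the rest of the log for the entries that can restore them, chiefly BHOs and Run keys. The script below is an added example, not code from this forum or from HijackThis; it parses the R0/R1/O2/O4 lines of the log above and flags what a helper would query. The line formats, the temp-folder test and the small allowlist of unnamed-but-known BHOs are my assumptions from the log shown, not HijackThis's own rules.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the HijackThis lines posted above, not a full log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://D:\DOCUME~1\ebay860\LOCALS~1\Temp\sp.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pia.fr.schnei.../data/proxy.pac
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
O2 - BHO: (no name) - {12A41030-22E0-4423-8077-33E830BDB29F} - C:\WINDOWS\System32\cepaie.dll
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Windows Shell Library Loader] load shell.dll /c /set
"""


@dataclass
class Finding:
    section: str  # HijackThis section code: R0, R1, O2 or O4
    item: str     # value name, BHO path or Run label that triggered it
    reason: str


# Line shapes are assumed from the log above, not from a full HijackThis grammar.
LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<where>.+?): \[(?P<label>[^\]]*)\] (?P<command>.*)$")
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# BHOs that legitimately register without a display name. Spybot S&D's
# SDHelper.dll is the one present in the log above; extend as you verify others.
KNOWN_UNNAMED_BHO_FILES = {"sdhelper.dll"}


def check_r_entry(section, body):
    """R0/R1: 'HKxx\\...\\Key,ValueName = value'. Flag start/search pages that
    point at a local file in a temp folder, and any proxy auto-config URL."""
    target, _, value = body.partition(" = ")
    value_name = target.rsplit(",", 1)[-1].strip()
    value = value.strip()
    findings = []
    if value.lower().startswith("file://") and TEMP_DIR_RE.search(value):
        findings.append(Finding(section, value_name,
                                "IE start/search page redirected to a local file in a temp folder"))
    if value_name.lower() == "autoconfigurl" and value:
        findings.append(Finding(section, value_name,
                                "proxy auto-config URL set in the user hive; confirm it is your organisation's PAC"))
    return findings


def check_o2_entry(body):
    """O2: 'BHO: name - {CLSID} - path'. An unnamed BHO whose file is not a
    known helper is worth a look, because BHOs load inside every IE window."""
    m = O2_RE.match(body)
    if not m:
        return []
    filename = m["path"].rsplit("\\", 1)[-1].lower()
    if m["name"].strip() == "(no name)" and filename not in KNOWN_UNNAMED_BHO_FILES:
        return [Finding("O2", m["path"], "BHO registered with no name and an unrecognised DLL; identify the file")]
    return []


def check_o4_entry(body):
    """O4: 'HKxx\\..\\Run: [label] command'. A Run value whose command does not
    name an .exe at all is unusual and should be resolved by hand."""
    m = O4_RE.match(body)
    if not m:
        return []  # Global Startup .lnk entries use a different shape; skipped here
    if ".exe" not in m["command"].lower():
        return [Finding("O4", m["label"], "Run entry does not launch an .exe; work out what it actually loads")]
    return []


def triage(log_text):
    """Return the findings for every R0/R1/O2/O4 line in a HijackThis log."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("R0", "R1"):
            findings.extend(check_r_entry(section, body))
        elif section == "O2":
            findings.extend(check_o2_entry(body))
        elif section == "O4":
            findings.extend(check_o4_entry(body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:2} {f.item}: {f.reason}")
```

A flag is a question for the helper, not a verdict: the PAC URL here shares its domain with the O17 entries, so it is probably the employer's proxy configuration, and the allowlist shows why an unnamed BHO alone proves nothing.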



#2 Micah_6:8
Evilware Emancipator, Authentic Member, 10,060 posts
Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 24 October 2004 - 10:02 AM

Greetings and welcome to TomCoyote.org!

Please try this:

Download FxAgentB.exe from here and save it to your desktop. After downloading, double-click the FxAgentB file to run it and the program will scan your entire hard drive - this may take a while. When it is done, it will generate a log file called FxAgentB.log - save that information as you will need to paste it here later. Reboot when done.

Next click here to download CWShredder by Merijn Bellekom and run it, hit 'fix' as opposed to 'scan only'. If you already have CWShredder, click 'Check for update' and make sure you are running version 1.59.1. Reboot when done.

Then click here to download Ad-Aware SE and install. Before scanning click on "check for updates now" to make sure you have the latest reference file. Click "Start", select "Perform Full System scan" and "Next" to start the scan. When the scan is finished, the screen will tell you if anything has been found, click "Next". The bad files will be listed, right click the pane and click "Select all objects" - this will put a check mark in the box at the side, click "Next" again and click "OK" at the prompt "# objects will be removed. Continue?".

Reboot when done, rescan with HijackThis and post a new log here, together with the FxAgentB log.


Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?


#3 mrouldug
New Member, 2 posts

Posted 27 October 2004 - 10:58 AM

Thanks Micah,

I did exactly what you recommended, rebooting at each step. It appeared as if everything was back to normal, but after closing and restarting IE twice, the lousy home page and the spyware pop-ups are back.

This is the log for Ad-Aware:


Ad-Aware SE Build 1.04
Logfile Created on:mardi 26 octobre 2004 10:25:11
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R15 26.10.2004
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):15 total references
MyWay.Speedbar(TAC index:0):1 total references
Possible Browser Hijack attempt(TAC index:3):2 total references
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


26-10-2004 10:25:11 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 1212
ThreadCreationTime : 26-10-2004 06:41:23
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1340
ThreadCreationTime : 26-10-2004 06:41:25
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1364
ThreadCreationTime : 26-10-2004 06:41:27
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 26-10-2004 06:41:27
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1420
ThreadCreationTime : 26-10-2004 06:41:27
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1592
ThreadCreationTime : 26-10-2004 06:41:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1812
ThreadCreationTime : 26-10-2004 06:41:28
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 244
ThreadCreationTime : 26-10-2004 06:41:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 576
ThreadCreationTime : 26-10-2004 06:41:30
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 664
ThreadCreationTime : 26-10-2004 06:41:31
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 896
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:12 [ati2evxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 908
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal


#:13 [cpqalert.exe]
FilePath : C:\Program Files\Compaq\Compaq Management Agents\
ProcessID : 920
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 5.0.1.2
ProductVersion : 5.00 B2
ProductName : Compaq Management Agents
CompanyName : Compaq Computer Corporation
FileDescription : Compaq Local Alert Service
InternalName : CPQALERT
LegalCopyright : © 1995-2001 Compaq Computer Corporation.
OriginalFilename : CPQALERT.EXE

#:14 [cpqdfwag.exe]
FilePath : C:\WINDOWS\Cpqdiag\
ProcessID : 940
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 2.14.2001
ProductVersion : 2.14
ProductName : Compaq Remote Diagnostics Enabling Agent
CompanyName : Compaq Computer Corporation
FileDescription : Compaq Diagnostics Application
InternalName : Cpqdfwag
LegalCopyright : Copyright © 1999, 2001
OriginalFilename : Cpqdfwag.exe

#:15 [webdmi.exe]
FilePath : C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\
ProcessID : 992
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 5.0.1.2
ProductVersion : 5.00 B2
ProductName : Compaq Management Agents
CompanyName : Compaq Computer Corporation
FileDescription : Compaq DMI Web Management Service
InternalName : CPQWBDMI
LegalCopyright : © 1995-2001 Compaq Computer Corporation.
OriginalFilename : CPQWBDMI.EXE

#:16 [defwatch.exe]
FilePath : C:\Program Files\NavNT\
ProcessID : 1036
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Virus Definition Daemon
InternalName : DefWatch
LegalCopyright : Copyright © 1998 Symantec Corporation
OriginalFilename : DefWatch.exe

#:17 [hibserv.exe]
FilePath : C:\PROGRA~1\Compaq\COMPAQ~2\
ProcessID : 1080
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 4.10.2.1
ProductVersion : 4.10.2.1
ProductName : HIBSERV Service
FileDescription : Compaq Power Management Service
InternalName : HIBSERV
LegalCopyright : Copyright © 2001
OriginalFilename : HIBSERV.EXE

#:18 [nalntsrv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1116
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 3.2.2 NAL NT Service (20030425)
ProductVersion : 3, 2, 2, 0
ProductName : Novell nalntsrv
CompanyName : Novell, Inc.
FileDescription : NT Service for Novell Application Launcher
InternalName : nalntsrv
LegalCopyright : Copyright © 1998 - 2003 Novell, Inc. All Rights Reserved. Patent Pending.
OriginalFilename : nalntsrv.exe

#:19 [netcfgsv.exe]
FilePath : C:\PROGRA~1\AT&TGL~1\
ProcessID : 1156
ThreadCreationTime : 26-10-2004 06:41:40
BasePriority : Normal
FileVersion : 5.08.2
ProductVersion : 5.08.2
ProductName : NetCfgSvr Module
CompanyName : AT&T
FileDescription : Network configuration service
InternalName : NetCfgSvr
LegalCopyright : Copyright © 2003 AT&T. All Rights Reserved.
OriginalFilename : NetCfgSvr.EXE

#:20 [nmssvc.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 26-10-2004 06:41:41
BasePriority : Normal
FileVersion : 2.0.24.3
ProductVersion : 2.0.24.3
ProductName : NMS
CompanyName : Intel Corporation
FileDescription : NMS Module
InternalName : NMS Module
LegalCopyright : Copyright © 2000-2001 Intel Corp. All Rights Reserved

#:21 [rtvscan.exe]
FilePath : C:\Program Files\NavNT\
ProcessID : 1764
ThreadCreationTime : 26-10-2004 06:41:41
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:22 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1960
ThreadCreationTime : 26-10-2004 06:41:42
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:23 [win32sl.exe]
FilePath : C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\
ProcessID : 2016
ThreadCreationTime : 26-10-2004 06:41:42
BasePriority : Normal
FileVersion : 2, 0, 0, 54
ProductVersion : 2, 0, 0, 54
ProductName : DMI 2.0 SDK
CompanyName : Intel
FileDescription : WIN32SL
InternalName : WIN32SL
LegalCopyright : Copyright © 1996-1997 Intel Corporation
OriginalFilename : WIN32SL.exe

#:24 [wm.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 200
ThreadCreationTime : 26-10-2004 06:41:42
BasePriority : Normal
FileVersion : v4.83
ProductVersion : v4.83
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell Client Workstation Manager Service
InternalName : WM
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : WM.EXE

#:25 [cpqdmi.exe]
FilePath : C:\PROGRA~1\Compaq\COMPAQ~1\
ProcessID : 596
ThreadCreationTime : 26-10-2004 06:41:44
BasePriority : Normal
FileVersion : 5.0.1.2
ProductVersion : 5.00 B2
ProductName : Compaq Management Agents
CompanyName : Compaq Computer Corporation
FileDescription : Compaq DMI Service Extension
InternalName : CPQDMI
LegalCopyright : © 1995-2001 Compaq Computer Corporation.
OriginalFilename : CPQDMI.EXE

#:26 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1748
ThreadCreationTime : 26-10-2004 06:42:45
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:27 [dpmw32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1664
ThreadCreationTime : 26-10-2004 06:42:48
BasePriority : Normal


#:28 [nwtray.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2040
ThreadCreationTime : 26-10-2004 06:42:52
BasePriority : Normal
FileVersion : v4.83
ProductVersion : v4.83
ProductName : Novell Client for Windows
CompanyName : Novell, Inc.
FileDescription : Novell System Tray Icon
LegalCopyright : Copyright © 1992-2002 Novell, Inc.
OriginalFilename : NWTRAY.EXE

#:29 [chkadmin.exe]
FilePath : C:\PROGRA~1\Compaq\COMPAQ~1\
ProcessID : 2056
ThreadCreationTime : 26-10-2004 06:42:52
BasePriority : Normal
FileVersion : 5.0.1.2
ProductVersion : 5.00 B2
ProductName : CHKADMIN Application
CompanyName : Compaq Computer Corporation
FileDescription : CHKADMIN MFC Application
InternalName : CHKADMIN
LegalCopyright : © 1995-2001 Compaq Computer Corporation.
OriginalFilename : CHKADMIN.EXE

#:30 [vptray.exe]
FilePath : C:\Program Files\NavNT\
ProcessID : 2084
ThreadCreationTime : 26-10-2004 06:42:53
BasePriority : Normal
FileVersion : 7.60.00.926
ProductVersion : 7.60.00.926
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus
LegalCopyright : Copyright © Symantec Corporation 1991-2000

#:31 [hkss.exe]
FilePath : C:\Program Files\Compaq\Hotkey Software\
ProcessID : 2112
ThreadCreationTime : 26-10-2004 06:42:54
BasePriority : Normal
FileVersion : 1.1.C1
ProductVersion : 1.1.C1
ProductName : Hot Key Support Software
CompanyName : Compaq Computer Corporation
FileDescription : Hot Key Support Software Loader
InternalName : HKSS
LegalCopyright : ©2000 Compaq Computer Corporation
OriginalFilename : hkss.exe

#:32 [cpqek.exe]
FilePath : C:\Program Files\Compaq\Compaq EAB Software\
ProcessID : 2124
ThreadCreationTime : 26-10-2004 06:42:54
BasePriority : Normal
FileVersion : 2, 2, 2, 1
ProductVersion : 2, 2, 2, 1
ProductName : Cpqek Application
CompanyName : Compaq Computer Corporation
FileDescription : Compaq EAB Software
InternalName : Cpqek
LegalCopyright : Copyright © 2001
OriginalFilename : cpqek.exe

#:33 [atiptaxx.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2132
ThreadCreationTime : 26-10-2004 06:42:54
BasePriority : Normal
FileVersion : 6.13.10.2534
ProductVersion : 6.13.10.2534
ProductName : ATI Desktop Component
CompanyName : ATI Technologies, Inc.
FileDescription : ATI Desktop Control Panel
InternalName : Atiptaxx.exe
LegalCopyright : Copyright © 1998-2001 ATI Technologies Inc.
OriginalFilename : Atiptaxx.exe

#:34 [wlansta.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2148
ThreadCreationTime : 26-10-2004 06:42:55
BasePriority : Normal
FileVersion : 1.07.37
ProductVersion : 1.07.37.2020
ProductName : Wireless 802.11b LAN
CompanyName : NETGEAR
FileDescription : WLAN Status Tray Applet
InternalName : larryh@tpi.com
LegalCopyright : Copyright © 2002, NETGEAR
OriginalFilename : WLANSTA.exe
Comments : Developed by TriplePoint, Inc. <www.TriplePoint.com>

#:35 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 2160
ThreadCreationTime : 26-10-2004 06:42:56
BasePriority : Normal
FileVersion : 0.1.0.1622
ProductVersion : 0.1.0.1622
ProductName : RealOne Player (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2002
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:36 [jusched.exe]
FilePath : C:\Program Files\Java\j2re1.4.2_01\bin\
ProcessID : 2196
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : Normal


#:37 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa\
ProcessID : 2204
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : Normal


#:38 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2212
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:39 [conf.exe]
FilePath : C:\Program Files\NetMeeting\
ProcessID : 2220
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : Normal
FileVersion : 4.4.3400
ProductVersion : 3.01
ProductName : Windows® NetMeeting®
CompanyName : Microsoft Corporation
FileDescription : Windows® NetMeeting®
InternalName : conf
LegalCopyright : Copyright © Microsoft Corporation 1996-2001
LegalTrademarks : Microsoft® , Windows® and NetMeeting® are registered trademarks of Microsoft Corporation in the U.S. and/or other countries.
OriginalFilename : conf.exe

#:40 [spokesystray.exe]
FilePath : C:\Program Files\Spoke Client\
ProcessID : 2228
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : ?
FileVersion : 1.6.304.1272
ProductVersion : 1.6.0.0
ProductName : Spoke
CompanyName : Spoke Software, Inc.
FileDescription : SpokeSysTray Module
InternalName : SpokeSysTray
LegalCopyright : Copyright 2003
LegalTrademarks : Spoke
OriginalFilename : SpokeSysTray.exe

#:41 [fwlink.exe]
FilePath : C:\Program Files\Dilberttest3\Screen Saver\
ProcessID : 2236
ThreadCreationTime : 26-10-2004 06:42:57
BasePriority : Normal


#:42 [chatango.exe]
FilePath : C:\Program Files\Chatango\
ProcessID : 2248
ThreadCreationTime : 26-10-2004 06:42:58
BasePriority : Normal
FileVersion : 1.0.0.2
ProductVersion : 1.0.0.2
ProductName : Chatango Message Catcher
CompanyName : MRL Ventures, Inc.
FileDescription : Chatango Message Catcher
InternalName : Chatango Message Catcher
LegalCopyright : © MRL Ventures, Inc. All rights reserved.
OriginalFilename : Chatango.exe

#:43 [skype.exe]
FilePath : C:\Program Files\Skype\Phone\
ProcessID : 2256
ThreadCreationTime : 26-10-2004 06:42:58
BasePriority : Normal


#:44 [acrotray.exe]
FilePath : C:\Program Files\Adobe\Acrobat 5.0\Distillr\
ProcessID : 2308
ThreadCreationTime : 26-10-2004 06:43:02
BasePriority : Normal
FileVersion : 5, 0, 0, 0
ProductVersion : 5, 0, 0, 0
ProductName : AcroTray - Adobe Acrobat Distiller helper application.
CompanyName : Adobe Systems Inc.
FileDescription : AcroTray
InternalName : AcroTray
LegalCopyright : Copyright © 2001
OriginalFilename : AcroTray.exe

#:45 [gurunet.exe]
FilePath : C:\Program Files\GuruNet\
ProcessID : 2340
ThreadCreationTime : 26-10-2004 06:43:13
BasePriority : Normal
FileVersion : 5.1 (build 1321)
ProductVersion : 5.1 (build 1321)
ProductName : GuruNet
CompanyName : GuruNet Corporation
FileDescription : GuruNet Client
InternalName : GNClient
LegalCopyright : Copyright © GuruNet Corporation 1999-2004
OriginalFilename : GNClient.exe

#:46 [hotsync.exe]
FilePath : C:\Palm\
ProcessID : 2356
ThreadCreationTime : 26-10-2004 06:43:17
BasePriority : Normal
FileVersion : 4.0.2
ProductVersion : 4.0.2
ProductName : HotSync® Manager, Palm Desktop
CompanyName : Palm, Inc.
FileDescription : HotSync® Manager Application
InternalName : HotSync®
LegalCopyright : Copyright © 1995-2001 Palm, Inc.
LegalTrademarks : HotSync® is a registered trademark of Palm, Inc.
OriginalFilename : Hotsync.exe

#:47 [rundll32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2488
ThreadCreationTime : 26-10-2004 06:43:22
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:48 [imapp.exe]
FilePath : C:\PROGRA~1\INCRED~1\bin\
ProcessID : 2960
ThreadCreationTime : 26-10-2004 06:44:01
BasePriority : Normal
FileVersion : 2, 5, 0, 1355
ProductVersion : 2, 5, 0, 1355
ProductName : IncrediMail
CompanyName : IncrediMail, Ltd.
FileDescription : IncrediMail Application
InternalName : IncrediApp
LegalCopyright : Copyright © 2002 IncrediMail, Ltd.
OriginalFilename : IMAPP.EXE

#:49 [agtserv.exe]
FilePath : C:\PROGRA~1\COMMON~1\GURUNE~1\
ProcessID : 3044
ThreadCreationTime : 26-10-2004 06:44:21
BasePriority : Normal
FileVersion : 6.1 (build 1321)
ProductVersion : 6.1 (build 1321)
ProductName : ScreenScraper SDK
CompanyName : GuruNet Corporation
FileDescription : AgtServ main executable
InternalName : AgtServ
LegalCopyright : Copyright © GuruNet Corporation 1999-2004
OriginalFilename : AgtServ.exe

#:50 [sharpreader.exe]
FilePath : C:\Program Files\SharpReader\
ProcessID : 3348
ThreadCreationTime : 26-10-2004 06:47:17
BasePriority : Normal

Warning! CoolWebSearch Object found in memory(C:\WINDOWS\System32\cepaie.dll)

CoolWebSearch Object Recognized!
Type : Process
Data : cepaie.dll
Category : Malware
Comment :
Object : C:\WINDOWS\System32\



#:51 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 3392
ThreadCreationTime : 26-10-2004 08:06:11
BasePriority : High
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:52 [taskmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1712
ThreadCreationTime : 26-10-2004 08:20:59
BasePriority : High
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows TaskManager
InternalName : taskmgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : taskmgr.exe

#:53 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2552
ThreadCreationTime : 26-10-2004 08:24:07
BasePriority : Normal
FileVersion : 6.2.0.200
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:54 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 3720
ThreadCreationTime : 26-10-2004 08:24:29
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

MyWay.Speedbar Object Recognized!
Type : RegValue
Data :
Category : Misc
Comment : "{07B18EA9-A523-4961-B6BB-170DE4475CCA}"
Rootkey : HKEY_USERS
Object : S-1-5-21-3615762775-2346120412-2210994494-1026\software\microsoft\internet explorer\toolbar\webbrowser
Value : {07B18EA9-A523-4961-B6BB-170DE4475CCA}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 2


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch Email Clients Uninstaller "http://help.mywebsearch.com/"
Category : Misc
Comment : (http://help.mywebsearch.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearch Email Clients Uninstaller

Possible Browser Hijack attempt Object Recognized!
Type : Regkey
Data : Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearchSearchAssistant "http://help.mywebsearch.com/"
Category : Misc
Comment : (http://help.mywebsearch.com/)
Rootkey : HKEY_LOCAL_MACHINE
Object : Software\Microsoft\Windows\CurrentVersion\Uninstall\MyWebSearchSearchAssistant

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 4


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@realmedia[3].txt
Category : Data Miner
Comment : 25-10-2004 11:17:54
Value : Cookie:ebay860@realmedia.com/
Expires : 01-01-2011 02:00:00
LastSync : 25-10-2004 11:17:54
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@bluestreak[2].txt
Category : Data Miner
Comment : 26-10-2004 00:00:58
Value : Cookie:ebay860@bluestreak.com/
Expires : 23-10-2014 20:00:52
LastSync : 26-10-2004 00:00:58
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@adtech[2].txt
Category : Data Miner
Comment : 20-10-2004 17:45:10
Value : Cookie:ebay860@adtech.de/
Expires : 18-10-2014 17:45:12
LastSync : 20-10-2004 17:45:10
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@247realmedia[1].txt
Category : Data Miner
Comment : 18-10-2004 10:00:38
Value : Cookie:ebay860@247realmedia.fr/
Expires : 01-01-2011 02:00:00
LastSync : 18-10-2004 10:00:38
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@maxserving[1].txt
Category : Data Miner
Comment : 25-10-2004 11:17:56
Value : Cookie:ebay860@maxserving.com/
Expires : 23-10-2014 11:17:56
LastSync : 25-10-2004 11:17:56
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@2o7[2].txt
Category : Data Miner
Comment : 24-10-2004 15:21:34
Value : Cookie:ebay860@2o7.net/
Expires : 23-10-2009 15:21:42
LastSync : 24-10-2004 15:21:34
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@gator[1].txt
Category : Data Miner
Comment : 18-10-2004 09:54:02
Value : Cookie:ebay860@gator.com/
Expires : 17-12-2004 09:54:02
LastSync : 18-10-2004 09:54:02
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@estat[1].txt
Category : Data Miner
Comment : 20-10-2004 17:42:54
Value : Cookie:ebay860@estat.com/
Expires : 18-10-2014 17:42:56
LastSync : 20-10-2004 17:42:54
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@realmedia[1].txt
Category : Data Miner
Comment : 18-10-2004 10:00:40
Value : Cookie:ebay860@realmedia.fr/
Expires : 01-01-2011 02:00:00
LastSync : 18-10-2004 10:00:40
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@z1.adserver[1].txt
Category : Data Miner
Comment : 25-10-2004 11:17:58
Value : Cookie:ebay860@z1.adserver.com/
Expires : 25-10-2005 11:17:58
LastSync : 25-10-2004 11:17:58
UseCount : 0
Hits : 3

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@fastclick[2].txt
Category : Data Miner
Comment : 25-10-2004 11:21:54
Value : Cookie:ebay860@fastclick.net/
Expires : 08-10-2006 09:54:00
LastSync : 25-10-2004 11:21:54
UseCount : 0
Hits : 27

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@questionmarket[1].txt
Category : Data Miner
Comment : 25-10-2004 22:08:12
Value : Cookie:ebay860@questionmarket.com/
Expires : 16-12-2005 14:08:14
LastSync : 25-10-2004 22:08:12
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@tribalfusion[1].txt
Category : Data Miner
Comment : 25-10-2004 11:17:26
Value : Cookie:ebay860@tribalfusion.com/
Expires : 01-01-2038 02:00:00
LastSync : 25-10-2004 11:17:26
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebay860@specificclick[1].txt
Category : Data Miner
Comment : 05-05-2004 15:29:12
Value : Cookie:ebay860@specificclick.com/
Expires : 01-01-2021 02:00:00
LastSync : 05-05-2004 15:29:12
UseCount : 0
Hits : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 14
Objects found so far: 18



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : gde.dll
Category : Malware
Comment :
Object : C:\WINDOWS\system32\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : sp.html
Category : Malware
Comment :
Object : D:\documents and Settings\ebay860\Local Settings\Temp\



CoolWebSearch Object Recognized!
Type : File
Data : temp.frD6CA
Category : Malware
Comment :
Object : D:\documents and Settings\ebay860\Local Settings\Temp\



CoolWebSearch Object Recognized!
Type : File
Data : temp.frD6F6
Category : Malware
Comment :
Object : D:\documents and Settings\ebay860\Local Settings\Temp\



Tracking Cookie Object Recognized!
Type : IECache Entry
Data : ebbl893@dbbsrv[1].txt
Category : Data Miner
Comment :
Value : D:\documents and Settings\ebbl893\Cookies\ebbl893@dbbsrv[1].txt

CoolWebSearch Object Recognized!
Type : File
Data : Dd1.html
Category : Malware
Comment :
Object : D:\RECYCLER\S-1-5-21-3615762775-2346120412-2210994494-1026\



Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 24


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
0 entries scanned.
New critical objects:0
Objects found so far: 24




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\searchassistant uninstall

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment : CWS.About:Blank
Rootkey : HKEY_CLASSES_ROOT
Object : protocols\filter\text/plain
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\classes\protocols\filter\text/html
Value : CLSID

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Search Bar

CoolWebSearch Object Recognized!
Type : RegData
Data :
Category : Malware
Comment : PROXY ENABLED - CHECK PROXY SETTINGS - Check this item if you do not use a proxy server - If a proxy server is in use, its settings in your Internet Options need to be verified.
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows\currentversion\internet settings
Value : ProxyEnable
Data :

CoolWebSearch Object Recognized!
Type : File
Data : sp.html
Category : Malware
Comment :
Object : d:\docume~1\ebay860\locals~1\temp\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 9
Objects found so far: 33

10:54:22 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:29:11.78
Objects scanned:161066
Objects identified:32
Objects ignored:0
New critical objects:32


And this is the last HijackThis log:

Logfile of HijackThis v1.97.7
Scan saved at 21:11:22, on 26/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\WINDOWS\Cpqdiag\Cpqdfwag.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\NavNT\defwatch.exe
C:\PROGRA~1\Compaq\COMPAQ~2\hibserv.exe
C:\WINDOWS\System32\NALNTSRV.EXE
C:\PROGRA~1\AT&TGL~1\NetCfgSv.EXE
C:\WINDOWS\System32\NMSSvc.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\WINDOWS\System32\wm.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\dpmw32.exe
C:\WINDOWS\System32\NWTRAY.EXE
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\Program Files\NavNT\vptray.exe
C:\Program Files\Compaq\Hotkey Software\hkss.exe
C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\WLANSTA.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
C:\Program Files\Picasa\PicasaMediaDetector.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\NetMeeting\conf.exe
C:\Program Files\Spoke Client\SpokeSysTray.exe
C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\rundll32.exe
C:\PROGRA~1\INCRED~1\bin\IMApp.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\GuruNet\GuruNet.exe
C:\Palm\HOTSYNC.EXE
C:\PROGRA~1\COMMON~1\GURUNE~1\agtserv.exe
D:\documents and Settings\ebay860\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pia.fr.schnei.../data/proxy.pac
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\Userinit.exe
O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar2.dll
O3 - Toolbar: HLIeBar - {0A120D41-244B-11D5-8122-005004F6D77D} - C:\Program Files\HumanLinks\bin\HLIeBar.dll
O3 - Toolbar: Spoke - {4FC00340-F75E-4EB5-880C-651A8A76965F} - C:\Program Files\Spoke Client\SpokeToolBand.dll
O3 - Toolbar: Vivisimo - {5538fb62-f725-4433-a965-91314e8d8e4d} - C:\Program Files\Vivisimo\Toolbar\toolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: GuruNet - {E8893D9E-169E-4a05-B0B6-FC5809D1AA77} - C:\PROGRA~1\GuruNet\Toolbar\GuruNetToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar2.dll
O4 - HKLM\..\Run: [NDPS] C:\WINDOWS\System32\dpmw32.exe
O4 - HKLM\..\Run: [NWTRAY] NWTRAY.EXE
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
O4 - HKLM\..\Run: [cpqek] C:\Program Files\Compaq\Compaq EAB Software\cpqek.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [IncrediMail] C:\PROGRA~1\INCRED~1\bin\IncMail.exe /c
O4 - HKLM\..\Run: [WLANSTA.EXE] WLANSTA.EXE START
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe
O4 - HKLM\..\Run: [LSPFix] C:\Program Files\Common Files\eAcceleration\LSPfix\LSPmonitor.exe normal
O4 - HKLM\..\Run: [LifeScape Media Detector] C:\Program Files\Picasa\PicasaMediaDetector.exe
O4 - HKLM\..\RunServices: [CPQDFWAG] C:\WINDOWS\Cpqdiag\CpqDfwAg.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [SpokeSysTray] "C:\Program Files\Spoke Client\SpokeSysTray.exe" -w
O4 - HKCU\..\Run: [Dilberttest3 web link] "C:\Program Files\Dilberttest3\Screen Saver\FWLink.exe"
O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\System32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: GuruNet.lnk = C:\Program Files\GuruNet\GuruNet.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: PowerReg Scheduler.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Vivisimo Meta-Search - res://C:\Program Files\Vivisimo\Toolbar\toolbar1.dll/SEARCH.HTML
O8 - Extra context menu item: Backward Links - res://c:\windows\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\windows\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: GuruNet... - file:C:\Program Files\GuruNet\Html\atiemenu.htm
O8 - Extra context menu item: MT It! - http://blog.mopsos.c...s&bm_height=880
O8 - Extra context menu item: Similar Pages - res://c:\windows\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Subscribe in NewzCrawler - file://C:\Program Files\NewzCrawler\context.htm
O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar2.dll/cmtrans.html
O9 - Extra 'Tools' menuitem: Console Java (Sun) (HKLM)
O9 - Extra button: Swarming (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Newz Crawler (HKLM)
O9 - Extra 'Tools' menuitem: Newz Crawler (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.micr...0367/wmavax.CAB
O16 - DPF: {05D96F71-87C6-11D3-9BE4-00902742D6E0} (QuickPlace Class) - http://www.mayeticvillage.fr/qp2.cab
O16 - DPF: {13E23C9E-3018-4AC1-B998-C08BF1814DB0} - http://ftp.gurunet.c...GNInstaller.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab
O16 - DPF: {1D88A37D-B626-4C6F-96C9-6E8AD61C2412} (InstallHelper Class) - http://survey.prod.t...stallHelper.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - http://www.rovion.co...rols/Rovion.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://scpwha.ops.pl...quicksilver.cab
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.micr...922/wmv9VCM.CAB
O16 - DPF: {40289096-9F72-4A04-BCB3-E434ECDCEE33} (AppDLCtrl Class) - http://download.howu...nload/appdl.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...RdxIE601_fr.cab
O16 - DPF: {597C45C2-2D39-11D5-8D53-0050048383FE} (OPUCatalog Class) - http://office.micros...ontent/opuc.cab
O16 - DPF: {5BDBA960-6534-11D3-97C7-00500422B550} - https://www.projectl.../dolcontrol.cab
O16 - DPF: {5C8D0494-02F2-40E9-8EBF-07FED5919629} - http://www.goodconta...oodContacts.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {715A3997-ADE8-4399-AD92-353958D75076} (XUpdater Control) - http://www.bluefalco...0.01/SS_POC.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.googl...gleActivate.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8054.2411689815
O16 - DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} (IEAnimBehaviorFactory Class) - http://download.micr...N-US/msorun.cab
O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://139.160.63.14...aDownloader.cab
O16 - DPF: {B25BC1C3-8A1B-459C-92E2-2D21025AD7CF} (Installer Class) - https://center.spoke...SpokeClient.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://worldcomssl....bex/ieatgpc.cab
O16 - DPF: {E876D003-BCDE-11D3-9131-000094B61529} (ERPageAddin Class) - http://e2.eroom.com/...etup/client.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - https://www.linkedin...cab/wabctrl.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr.schneider-electric.com
O17 - HKLM\Software\..\Telephony: DomainName = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = fr.schneider-electric.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 139.160.77.13 139.160.111.43
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = fr.schneider-electric.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 139.160.77.13 139.160.111.43

#4 Micah_6:8

Evilware Emancipator

  • Authentic Member
  • 10,060 posts
  • Interests: Web (Perl, PHP, JavaScript, HTML) programming, CNC programming, Squashing spyware!

Posted 27 October 2004 - 06:16 PM

Please download the latest version of Hijack This!

There are things the new version can detect.

Important: Create a folder on the C: drive called C:\HJT.
You can do this by going to My Computer (Windows key+E), double-clicking C:, then right-clicking, selecting New > Folder, and naming it HJT.
Download the newest version of HijackThis into this folder.

If required, a tutorial is here: HijackThis Folder Tutorial

Links to Hijack This! v 1.98.2:

http://tools.radiosp.../HijackThis.exe
http://spywarewarrio.../HijackThis.exe
http://tomcoyote.org.../HijackThis.exe

CLOSE ALL WINDOWS (even this one) AND PROGRAMS!!!!

Run Hijack This!
Click "Scan".
Then "check" the box to the left of these item(s):

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab

O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab

O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akama...meInstaller.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://207.188.7.150...RdxIE601_fr.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab

O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab

O16 - DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} (CentraDownloaderCtl Class) - http://139.160.63.14...aDownloader.cab


Reboot and "copy/paste" a new log file into this thread. :)

Edited by Micah_6:8, 27 October 2004 - 06:20 PM.

Micah 6:8 He hath shewed thee, O man, what is good; and what doth the LORD require of thee, but to do justly, and to love mercy, and to walk humbly with thy God?

The help you receive here is free.
If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.

Download Hijack This! My Website: UnSpyMe!
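A small parser for the HijackThis log format the helper is working from, added here as an example; it is not part of the thread and not HijackThis's own code. The sample lines are copied from the log above (with the URLs truncated as the forum displays them), and the CLSID list is the set of O16 entries the helper asked to be ticked, so the script shows which log lines those instructions refer to before anything is changed in HijackThis.

```python
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# Every HijackThis report line starts with a section code: R1, F2, O2, O16, ...
SECTION_RE = re.compile(r"^(?P<code>[RFO]\d{1,2}) - ")

# O16 - DPF: {CLSID} (Friendly Name) - URL      (the friendly name is optional)
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]{36}\})"
    r"(?: \((?P<name>[^)]*)\))?"
    r" - (?P<url>\S+)$"
)


@dataclass(frozen=True)
class DpfEntry:
    clsid: str            # normalised to upper case; HijackThis prints mixed case
    name: Optional[str]   # None when the log shows no friendly name
    url: str              # download URL as printed (may be truncated by the forum)
    raw: str              # the original log line, for copy/paste back into the thread


def section_code(line: str) -> Optional[str]:
    """Return the HijackThis section code of a line, or None for non-entry lines."""
    m = SECTION_RE.match(line.strip())
    return m.group("code") if m else None


def parse_o16(line: str) -> Optional[DpfEntry]:
    """Parse one 'O16 - DPF' line; returns None for any other kind of line."""
    m = O16_RE.match(line.strip())
    if not m:
        return None
    return DpfEntry(m.group("clsid").upper(), m.group("name"), m.group("url"), line.strip())


def count_sections(lines: Iterable[str]) -> Dict[str, int]:
    """Count entries per section code, a quick overview of what a log contains."""
    counts: Dict[str, int] = {}
    for line in lines:
        code = section_code(line)
        if code:
            counts[code] = counts.get(code, 0) + 1
    return counts


def flag_o16(lines: Iterable[str], clsids: Iterable[str]) -> List[DpfEntry]:
    """Return the O16 entries whose CLSID is in `clsids` (compared case-insensitively)."""
    wanted = {c.upper() for c in clsids}
    return [e for e in (parse_o16(l) for l in lines) if e and e.clsid in wanted]


# Constructed sample: a few lines in the shape of the HijackThis log posted above.
SAMPLE_LOG = [
    r"R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pia.fr.schnei.../data/proxy.pac",
    r"O2 - BHO: GuruNet BHO - {3392BD0A-A851-4AA4-86E0-4651006F9EA8} - C:\Program Files\Common Files\GuruNet Shared\agtbho.dll",
    "O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab",
    "O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.co...etup1.0.0.6.cab",
    "O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab",
    "O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredim...er/imloader.cab",
    r"O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = fr.schneider-electric.com",
]

# The O16 CLSIDs the helper listed in the reply above.
HELPER_LISTED = [
    "{166B1BCA-3F9C-11CF-8075-444553540000}",
    "{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}",
    "{41F17733-B041-4099-A042-B518BB6A408C}",
    "{56336BCB-3D8A-11D6-A00B-0050DA18DE71}",
    "{D27CDB6E-AE6D-11CF-96B8-444553540000}",
    "{F00F4763-7355-4725-82F7-0DA94A256D46}",
    "{B24F0664-7DDA-40B6-B38C-A4FD68DE8685}",
]

if __name__ == "__main__":
    print("entries per section:", count_sections(SAMPLE_LOG))
    for entry in flag_o16(SAMPLE_LOG, HELPER_LISTED):
        print("tick in HijackThis:", entry.raw)
```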
