Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93099 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Spyware and Viruses?


  • This topic is locked This topic is locked
72 replies to this topic

#31 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 02 May 2006 - 08:23 AM

I ran the scan earlier and posted the log on an earlier post. I re-ran the scan and it found no files or ads. If you want me to post again, let me know! Thanks

    Advertisements

Register to Remove


#32 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 02 May 2006 - 02:08 PM

Please do an online scan with Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post as well as a bew hijackthis log please.


#33 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 05 May 2006 - 08:49 AM

I tried to access the web site. I got to the site and when I clicked on the accept button I got an error on the page. I was using IE Explorer 6.0 SP2. The error I received was an object expected. I changed my settings in IE to allow active x controls and any other issues that might have prevented the button from working. Also I was concerned because the computer I am trying to fix only has dial-up and it indicated that one of the downloads was 6MB. The computer I am on has broadband so it is easy to download and transfer files, but if it is a program that installs and then updates, it will take a LONG time and then I sometimes lose my dial up connection before the download is complete (possibly dirty phone lines) Thanks for your assistance

#34 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 05 May 2006 - 09:08 PM

Download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free...mitfraudFix.zip
Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

Posted Image

______________________________

Please download the trial version of Ewido anti-malware 3.5 from here:
http://www.ewido.net/en/download/
  • Install Ewido anti-malware.
  • When installing, under Additional Options uncheck Install background guard and Install scan via context menu.
  • When you run Ewido for the first time, you could get a warning "Database could not be found!". Click Ok.
  • The program will prompt you to update. Click the Ok button.
  • The program will now go to the main screen.
You will need to update Ewido to the latest definition files.
  • On the left-hand side of the main screen click the Update Button.
  • Click on Start.
The update will start and a progress bar will show the updates being installed.
Once finished updating, close Ewido.

If you are having problems with the updater, you can use this link to manually update ewido.
Ewido manual updates. Make sure to close Ewido before installing the update.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press Enter

Posted Image

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.


IMPORTANT: Do NOT run any other options until you are asked to do so!

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.


Running the Clean

Warning: running option #2 on a non infected computer will remove your Desktop background.


Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

Posted Image


The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
______________________________

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on Settings
    • Under How to scan all boxes should be checked
    • Under Unwanted Software all boxes should be checked
    • Under What to scan select Scan every file
    • Click on Ok
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
If Ewido finds anything, it will pop up a notification. When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says Perform action on all infections and put a checkmark in the box next to Create encrypted backup, then choose clean and click Ok.

Once the scan has completed, there will be a button located on the bottom of the screen named Save Report.
  • Click Save Report button
  • Save the report to your Desktop
Close Ewido and Reboot in Normal Mode.
______________________________

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #3 - Delete Trusted zone by typing 3 and press Enter
Answer Yes to the question "Restore Trusted Zone ?" by typing
Y and hit Enter.

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.
______________________________

Please post:
  • c:\rapport.txt
  • Ewido log
  • A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.

#35 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 08 May 2006 - 11:04 AM

Here is what we got. The computer is running EXTREMELY slow (maybe from all the programs we installed?) I ran the Smitfraud search and here is the log: SmitFraudFix v2.40 Scan done at 8:28:11.37, Mon 05/08/2006 Run from C:\Documents and Settings\Brazeal\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] ğğğğğğğğğğğğğğğğğğğğğğğğ C:\ ğğğğğğğğğğğğğğğğğğğğğğğğ C:\WINDOWS ğğğğğğğğğğğğğğğğğğğğğğğğ C:\WINDOWS\system ğğğğğğğğğğğğğğğğğğğğğğğğ C:\WINDOWS\Web ğğğğğğğğğğğğğğğğğğğğğğğğ C:\WINDOWS\system32 ğğğğğğğğğğğğğğğğğğğğğğğğ C:\Documents and Settings\Brazeal\Application Data C:\Documents and Settings\Brazeal\Application Data\Install.dat FOUND ! ğğğğğğğğğğğğğğğğğğğğğğğğ Start Menu ğğğğğğğğğğğğğğğğğğğğğğğğ C:\DOCUME~1\Brazeal\FAVORI~1 ğğğğğğğğğğğğğğğğğğğğğğğğ Desktop ğğğğğğğğğğğğğğğğğğğğğğğğ C:\Program Files ğğğğğğğğğğğğğğğğğğğğğğğğ Corrupted keys ğğğğğğğğğğğğğğğğğğğğğğğğ Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" ğğğğğğğğğğğğğğğğğğğğğğğğ Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll ğğğğğğğğğğğğğğğğğğğğğğğğ Scanning wininet.dll infection ğğğğğğğğğğğğğğğğğğğğğğğğ End Then I ran the clean. Here is the log: SmitFraudFix v2.40 Scan done at 8:41:00.78, Mon 05/08/2006 Run from C:\Documents and Settings\Brazeal\Desktop\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] ğğğğğğğğğğğğğğğğğğğğğğğğ Killing process ğğğğğğğğğğğğğğğğğğğğğğğğ Deleting infected files C:\Documents and Settings\Brazeal\Application Data\Install.dat Deleted ğğğğğğğğğğğğğğğğğğğğğğğğ Deleting Temp Files ğğğğğğğğğğğğğğğğğğğğğğğğ Registry Cleaning Registry Cleaning done. ğğğğğğğğğğğğğğğğğğğğğğğğ End Then I ran Ewido. It froze at the same memory address as before. So I ran just a registry scan and fixed the files it found. Here is that log: --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 9:14:21 AM, 5/8/2006 + Report-Checksum: 7311953D + Scan result: HKLM\SOFTWARE\Classes\CLSID\{008977B5-B606-4A82-74FD-902541715430} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{00ABB85E-07E6-B7B9-BA96-1CA233683B48} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0108204E-FE17-D532-5C20-738F637A3E9A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{011CA171-EE6B-EF0C-A0D7-D291FDD4ECAA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{011D0D79-1BD4-5167-DD32-029CC16A44CD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{01E4E0CC-8390-738E-DCC2-DEFBA2BEAA16} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{027AA086-EC2E-FE8A-72B0-57E4005BE72B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{029FBD34-C8B2-9002-2C1A-6F854F82041A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{02AEE941-B1DB-3EAC-10FE-5DE07E619636} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0315E8BF-CB9F-4795-F013-258F5F05C8F7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{04280B5C-D8EC-8CBA-64C0-902824D9E96E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{05570C13-5D01-B853-7FC4-C7B4095AAF53} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{05F3F3D2-8BFA-C735-FCDF-D4BD8418D325} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{06E9293B-0874-4C97-3FF4-7898452B2624} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{072CAE8C-38F2-5B21-58C7-3F1949B30C0E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{073C7FC6-8137-7BA8-FC4D-8518F53DD1BA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{07BA91BD-B56C-8678-6570-354600897B57} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{07E65FDF-2A73-7925-24D8-A81B2D818986} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{07F009CC-0ADE-5083-F469-92CE6474B119} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{08536B35-B9B2-1A48-3FD2-054066066BC6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{087899FB-71F1-C680-3656-92E12F8C1179} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{08A16CBA-2D4A-CD2A-AC68-B1289A8DFA47} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{08A76AA8-55B8-70B2-36A7-A14598C929CD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{08B37597-543F-3682-9CE8-5399FDD1AF1B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{09207CE5-BD48-226E-8BA1-3964BEC3C523} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{092DB14D-5C39-5142-DD3F-FA5F05AC391D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{093234D0-7F27-C867-07E1-8803BB04FEE7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{094D3C6B-0FD5-85DB-7DA2-55DE1550FD2B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0B3798A2-69E9-E91E-D230-89C13C63C169} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0B660373-E1F0-C963-AE63-9622A8DECA96} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0B661A23-D4C8-D088-322A-EA2355183008} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0CDBD604-4612-33C7-E374-FCB905743FE9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0CEB6F75-E0B3-3168-B619-8AA78957178F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0CF57333-5B7D-335C-A5B5-A07B823FC5DA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0D6ED755-E877-1CBF-03BD-B3232D69932F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0DFBCB63-C236-4AA8-9785-4DB42DA67929} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0E426D19-A0E1-57CF-5D1D-AB6BFC7313C7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0F347D11-0959-D9B4-DD60-E588A4AA5E39} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0F9785C1-F999-8194-47E8-A0F96E941AC1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0FDFA8F1-FED6-2E34-815F-9123143F0CC4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0FF735ED-18CB-AF19-21F7-AC40587668DD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{10CDF98A-2A9B-D800-4FA2-BB25429FBB28} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{11432651-A087-8D4D-B7F1-E0B7E38F5E5D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{11713B84-1DD1-2E2E-9583-FD1D4C8BF667} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1182AB83-7090-44B1-FE2E-B48198A41AC3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{11CADD9E-74F9-397C-A3AF-492DCE92FEBA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{121F909F-63E6-4149-0E42-9847B49E14A9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{12FA5173-DA8B-B1C3-C3D1-08A50FF6E095} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{13B605DF-1E8A-69E3-30F0-9C4603AF0367} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{13B77FE1-9911-A0C2-1D01-61CA21EAEB83} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{13EC115E-BB2C-7F02-A3BD-83D068848141} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{13FE7B61-AB76-464D-D4B1-1EE42B5C7715} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{147C0B30-AF21-31CA-8710-729D602064B3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{149E3520-76B1-18D1-BA44-E4375DF430CA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{150875DE-94E1-E8C9-27DC-1267DD628704} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1681A18D-3463-7283-E8D1-60FF3C15D695} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{174374E0-8B9B-E8EB-3C68-69CEB869B29F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{174F9AD2-A2FA-DE17-181F-2821F174FCAE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{18C2B1ED-7635-92A8-5DB5-E71520573650} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{18FB2A6A-F233-369E-6A36-6A30EE2D9B65} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{192929D5-E35A-737C-D3F4-3234223172D2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{19912599-316F-1849-BEE2-88BC0F03A2F6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1995DD3F-2E2B-50AB-908D-9CDED6E2D0CB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{19E5C3C7-88D2-904B-C726-F1AE66EF3E95} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1AF3C52E-680B-95C6-99B3-CA20401DF669} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1B9B2567-FD79-0929-AF30-27C5089B29FE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1BBF6BD6-3F17-3B90-A927-BD49D544F992} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1C2D7291-D2B5-8CA1-6D30-E1233A6FC98C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1C5B795D-B77D-F4CA-D6EC-0CF1958D26BB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1C7373CB-D0CC-712E-8CD1-C898172A6764} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1D30E5A0-28E5-58CC-B632-2ECF3ADEF219} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1D3E4E2E-E8BE-F392-C1A4-B33BB3205F18} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1D4E5235-1EF4-B7D9-EDD4-4AA53BC21C41} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1DE9D3C3-1F3E-3BCC-8E64-E73BCDC73BFE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1DF2044E-54E9-138A-9C50-43F180D78BEB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1DF846A3-16F9-BEC1-05D0-31207FD24B28} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1DFB1F0E-E4FA-9122-10FB-11AD977CE8D6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1E647B7A-EC2A-37E3-8BD3-75DEF011D1A2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1E95BA2D-7B18-89AD-6312-95C44DAD58C3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1EE99722-6957-F238-C8E0-A8C8F80F1EB6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1F1A3DD0-5DB3-08D8-FE9F-CB49DA5EFA2E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1F226F17-45A5-9601-8565-5F00839429FD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1F58C5B4-71E6-9034-1D00-229C1B03146D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1F78C92C-4C19-8C99-63B8-180F8DEADFA6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{1F9CE5DA-289C-2E20-1D11-2FA0CC12FBA6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{21258EF1-13DE-0334-9DB4-2B3E344FFB37} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{21DD6C43-4909-73BD-AC73-F4B1A19AC112} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{21F544A8-869C-E661-F43F-4B58A9DA7A27} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2285B198-6B1E-F3E9-EDB0-C1211C68788F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{23448DC9-3E89-9556-DAA1-31611C8C8C86} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{23729FED-1D25-011A-0DB0-8D3F55CF1DF6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{23E34881-904C-E6F5-30F1-DD86960EFBDA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{24F826F5-5E8A-89AF-89AD-984C0E5C366D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{25B8166B-41ED-A81F-2F72-DBFD30EA2369} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{25DECCE7-F1A6-9D7B-61B1-CD9A963DD1D1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{260410E4-D8EA-E7E1-BFA7-D23E7058C8ED} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2633C97A-08CD-B7CF-E645-9B9031490C5E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{27244056-A7A0-0D52-E7EF-5AC1509FDFAA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{27AB907C-8C71-0316-AAB8-F84D9E8EEADC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{28A68239-82F8-8D30-DC8C-F32FA43F4BF6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2929E202-D7B9-7E23-516C-C5BB9105F4B4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{29F5CDA5-BEE3-3BFF-4545-58A0B85F3DCC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2A69B4ED-A44E-115C-7B00-D6A6A2337148} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2ABBD56B-11A6-D514-E153-52F711D31C89} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2ADC683F-681B-4B30-63E5-5C0E621BA5F0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2B4B035E-BD22-BB4E-600A-3BD52E2B0040} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2BAB9DCF-AB6E-FD19-25BB-4FA3012F78E1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2CAE7DD3-D3DC-7AD3-D17F-61DF6D540FD7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2CCE5B81-6D28-8A8F-02CA-6ED9C85DE395} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2CDE04BE-5087-9425-8043-F24037206477} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2CFEA94E-5A24-A0DD-8BBF-23387F8EEBCF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2DAD5652-3FF5-FF26-8446-2EE69A7D486A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2DCE8EFF-1AF0-677D-94E1-E7DB4FCDEBB9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2E0AC7E0-5378-CF4B-88BD-FA2D630DD4B4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2E737E2B-3144-18EB-6317-F8477D913E7A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2F1D33AC-0064-E874-1148-32D75B7B52B1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2FA30FBE-52D6-760C-819A-ECC0872CC2F6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{2FD3B816-33C8-BA72-72AA-942B7EBA6762} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{302FCDF6-C3B8-FDEF-DB33-BD6C8D4D3F17} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{30463195-A68F-5D9B-95C6-6E9E1788E6F2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{309FC92A-2E70-BFFC-8F4B-AF3E29E13EBA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{314309C8-8EB8-0650-32D6-81AE926F9A91} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{32004A45-DBFC-2B7B-3989-BB5BE50D9E3A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3228229A-289E-9E2F-9154-02F1DC5C463F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{338E9F9A-BBF9-233A-33C3-E48A66C94FFA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{33A49432-E399-EC6E-1569-941A0DB59717} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{33AC10E4-94BE-C3D0-855D-41F27DCEDD3D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{33BB335A-E91D-2ED8-9721-81D64B089AEF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{342544FC-9066-3A08-5442-F1039ADD4765} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{342AC8C9-5C5C-97C1-007F-0CAC5ADE9FBE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{34563B77-50A7-B32B-750C-907E592AD1F7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{345A2686-3958-CD0F-8965-C10B010F97E8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{34EB4B4D-211D-02FF-BB62-D759F74EB7B0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{35452A41-CE7D-6D56-67BC-9D85487A00AC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{35FD01EC-5FEE-AA3D-945B-C7706321F21D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3620FA36-EAC4-5596-EAC4-AF1A75B8F176} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{364A9AC1-833E-64D6-405B-D34483F166CF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{36791C41-EE2D-4A40-AF45-24A5ABA6D46E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{38A13BE2-44E2-8EAD-D101-458EB7B89D67} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{38B1F6CB-D979-4ED0-D754-0FE61CA0FD1A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{396510BF-19DB-BA8B-5681-EADC7E407396} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{39652FC9-57E8-9F1F-F728-8F55D9E5F49F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{396F7C5F-9026-A2D9-C7B4-7E3BF9559100} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3989905C-EB29-D007-7657-4D626E83A0BF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{39AB52BE-5C5B-C6CF-7C20-4CEAD04A446D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3A21BE6B-7A02-5B85-3FE9-2B6EC6CF21E6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3B092820-33F4-D1C6-2308-63513EC22B4F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3BA5C516-2E23-6854-9EFC-21E89FEB7C2E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3BAD3301-C3BA-DFE1-6F81-7E2E16D28A68} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3BE5F317-B261-729D-6D0E-E0CE5C3BCA0C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3BFBD25B-30CD-88DF-802D-9B7CEA176789} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3E8EDD63-7719-B595-1F25-C50F23DBF99D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3F508203-C722-9913-5AE6-D4D6D529B196} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{3F787872-61C2-E14A-5458-CFF5381DEA94} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{401249DD-FC9A-788E-2A42-6F9CF15DDAD5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{40315233-9EE4-3396-0B93-46009121D04D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{40623E66-6632-B92E-52FA-C47B8259279F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{40A0E35D-1680-0A91-C3B8-64A0784852EF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{41D2B4DA-7A72-4D83-2AB1-ABC9369BAC74} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{427B0070-6125-1D12-0821-13CFF8EAB8E9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{42C144CB-27B3-27F0-C116-E454EB628818} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{430C166C-49CE-19E8-CF15-95AB6EE7E7CE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{43519C2F-0B31-D548-BCC7-83BB31743F19} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{436CC2D6-13C5-6564-C2F0-1E89CB49E703} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{43F24E09-E2C1-F9C2-89AD-A96028168450} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4535AA01-32E2-C370-5459-98178A464CC5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4566CC43-0B31-07E0-141A-12FC7D5FF802} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{45BB100E-E1E8-C990-C393-ABFCC68EB7AA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{461B6EFD-230C-BCDF-DDF3-63EE7DCC6733} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{46CBB635-BE2E-414C-B36B-6C899CEAC5B7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{46D04616-7CF2-E668-F5D9-77B5C5C12CB9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4763B786-7117-D6E2-6EAD-059429FFA44C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4A35DEC1-AC71-E2CC-AA75-FE86733D32EC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4B1013E8-F567-66FB-F819-618EA93458EB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4B295DD6-7213-27C6-601F-94CDA50E5C12} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4B58741F-6197-1F6D-5D01-B41C20BAD587} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4CF7AAC1-4A75-9542-3F85-F264D7706346} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4D32057E-3515-B39C-BB3C-2DA7E2D53A22} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4D3C3AFE-BB7F-ECE3-B414-B58B6B0A02B0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4D7C6CA0-A3E7-D824-6A6A-F6EBB4CAAE67} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4EEA0D22-A231-FA24-2605-CBA388EAC447} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4F741BC8-6979-4FC7-8956-2B6322868176} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{4FC6535C-9AC3-EDE2-C75D-FEB53871F199} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{50838896-9654-6D5F-8DD1-DC592611A0D7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5085B226-C8E8-0E38-868E-EFEA18A27FEE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{50926289-7AE9-F205-35DB-3C3AE5AF9093} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{510C09CC-B06A-EFC8-2E17-38F386848F3E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{514AD317-D072-49A6-8F45-BCC1983F2289} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5152B2CE-E0B3-1CAE-8534-9EFEF6004087} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{516D24EF-0BF5-8FA9-4490-654544FD346E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{52B4E2B3-D4D9-2A6A-FE0D-C16742A96017} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{52EE5932-7B3F-A426-717A-E8B9A8D79E2E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{538EEB8F-48F3-4823-CA19-09ED9EFBD83E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{53EB571E-DF9B-C0FE-846E-402B5896036A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{55C2A982-5FB8-705D-AB13-7616770AA2ED} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{563AB9B2-742C-C0B7-8464-BFC5F6F9FEF1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5649FC80-401D-6577-0C0F-E130C201E57E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5677AA14-4828-04F9-BE46-9B83A0F0652F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{56791174-6E86-7AEF-B404-ED9E42ABFF73} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{568F19C5-53C8-85F1-FD40-5AC40D3DE0DA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{579C9366-3B77-3148-9401-BD4A5AAEAFE9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{57D786B2-F19C-B77F-7E6B-D102D52C94FD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{57F1FB28-4764-A72E-5FBB-CDB42B603BCA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5846232C-DAB1-2538-1DC5-1F5122BAEDA5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58A9849D-12E0-4CBB-4B4C-84249CEA038D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58C69C3C-513A-77CF-F3C1-211970B62914} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58D4BFA2-A699-E3C8-0595-60FC4EF0E5B6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{58E19DDB-FF55-C80E-005C-675F6F8331B0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5973AE8B-B1D4-58C7-0629-E633DD3F8550} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{597F33BB-7AD3-F1EF-80F9-8D124BD581D1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5ACA4795-58D2-18DF-8B28-5ADCC50CDA8F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5AF31457-2CF3-3FC6-66B1-9712121F763D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5BC00C48-AFF4-1B9A-7346-97AEAEE9627E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5BE76740-FD01-49B4-5ABA-AA49D68044EF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5C1F285D-535D-9092-7629-0A98B42B2969} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5C234103-94D8-FE86-BF5F-D52FD6347B89} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5CF3547B-0B6F-A6B0-230A-43C3E9F9B5C7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5DC8F5E4-E651-4A8F-0C0E-BB293A521172} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5DEDD180-A81B-0DD2-B797-A930839625C6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5E7B02D7-602D-50C0-5932-B8789936CC74} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5EF955D0-CD1C-5AD5-B026-71208A758ECD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5F07395A-D985-8E7F-592F-1318F18930CF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{5FF22AB0-0EE0-256A-46F7-FB091D282278} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{60366101-11CA-FC95-A7E1-2607FF9ABD7A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{60367A0D-8790-F166-DEFE-E88F3C410154} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{605F5668-04D3-C5B2-31A6-6A34FAA420FB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{619AEAED-BE16-E4E2-9E4D-5D992C91F6EC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{61A1BD6A-1454-4FC8-F175-3EDD86B070CF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{61BA9713-4C7D-321C-7CDA-2D19B793429D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6224A6BF-40D4-13DF-EA91-32CF510D802C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{622A8F48-1987-BE0C-846F-5F54337E3897} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{622AD4BF-A21B-A5AB-73A0-4C66343DC95D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{62594F8F-2B32-85F0-4FD3-5AB6A0A8D28A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{628BF799-9380-671E-7B49-283E344A43F6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{633C8BFF-B1D2-9627-66F6-74124A682441} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{63DFBE3B-D797-50E4-BE10-0AD1C6D7B7AD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{644B228B-5F23-F011-99CB-59911BD7A0BE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{64A6BEFF-15F2-8F55-C53D-6C41009ED9DA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{64E2E47A-49FE-6602-0901-F8F3172B36FC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6518F4B3-A15F-E14C-71F3-61A49FC2A684} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6521EDCB-F991-9B61-E2FB-195A166D77CC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{65410090-FD57-DBFA-0CE3-6CEC2D7DECE7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{655963E8-0F03-5868-828A-091DBC963461} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{65E1E63D-52CA-BFA1-A0DD-1E839592A8A2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6669DCAF-F6A9-C3C9-69D4-24AA388E878A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6769CB49-248D-E08B-15E7-10A94D7C172A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{67AD8EEC-DBC9-81F8-1EAB-6D24CF242AC2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{687935EA-83F2-0A00-630D-743E4F5D9B6C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{692CAE5A-4A45-E144-6735-C691484DAB07} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{69A989AD-BFBB-9324-846E-194CABCE649B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{69BAEE5A-CB78-D198-71FF-1A38BD3DC5AD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{69FEAC45-7BA9-7690-3417-89B30EFA0A97} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6A09CAF8-74FC-941E-3124-50B7F27A038B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6A179565-2A80-B3E8-B301-3F172DD761A4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6A2FC992-C464-7D8E-A831-1F567C681F79} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6A47C456-BECE-DE20-8213-FEFEEA28BF82} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6A514481-371E-25AF-0216-69CE92A93462} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6B34286B-B67D-090A-9D75-B5711AF1EDC8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6BB2CE94-CBE3-276E-9FBD-683911ECC178} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6BE5F602-57FC-035D-69BB-0127DBDAD5A1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6BFB10C2-E906-0C6D-43FE-065E2DCDBD1B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6C948E70-AB84-E5AD-7F98-E364697B6224} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6CB6FA3E-4E06-6264-2A77-866A236736C8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6CBB3396-8A31-08CB-7CEA-C211D4BCA22B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6CF4AC74-AA3B-E3EF-B4E2-B4369DD60441} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6D9E2D31-EB57-F24B-9B0F-61D4FA3DB1F4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6DEC0CC2-2A65-EB58-45A0-7E933C8C95B8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6E088D4B-521B-1676-CDD6-EC121DD3C210} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6E15F4D5-4588-FA6E-9B33-7152B249E5A0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6ED05958-433F-4254-7A23-8BD9E8ECB7DA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6EE6510F-088D-30A5-F75C-0C00AE920791} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6EEA3F5F-272E-64B0-0D54-07AC8C402BD1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6F78D1A7-9B90-901B-4763-5F6F47B6AE32} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6F8BD72A-A449-9B34-E881-3708BE2A7336} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{6FB03079-36B5-765F-685F-8E0CC22ABC7E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7088E183-99D9-0B62-5F0D-9852B624FA9A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{70ADE2D9-8C69-A96F-3FF3-8EF31737E358} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{71207CD1-70E9-8E56-D9C1-3C8036A8F9AC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{714821C8-0FA4-141B-9F76-FA25B786A99E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7173150A-87AC-C6BF-D728-7964D77F0DA9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7239C462-6987-5177-AF61-FF4790041E7B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{73374308-91E6-5E66-411F-8EDBA399652C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{73979FA3-E867-BFB9-AA46-E8A731179278} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{74325928-F826-D0FB-6353-6D46D5064E50} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{74EE13F3-4F7F-9428-EAE7-54C71206013B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{75AB6EC1-D4B5-9152-4CA4-54ED9D6EC80E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{75C66E0B-A0B4-0E63-2432-962290285149} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7712FA8E-35A0-B2CF-ECDA-F2AEB55869AB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7715CCE6-8987-9901-2E03-84A41BA95A23} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7716D7E8-A15F-BA5D-A479-92B3FEBB1DF4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7738D4CE-735C-6768-041D-713E7E2F8E97} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{773BCC80-D9FF-7281-852F-435394A76511} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{775E7EE2-3A20-6839-8BF8-42DB066E09CE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{77CFD405-E6A6-72F1-2E42-FFA8EB49D6D2} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7869E6B3-D323-6BCB-ADD4-E5D10D876F39} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{78991257-E463-8759-D99F-343F395ADFB0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{789DA69A-6265-C650-CABA-64CAF47E9679} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{789E6ACA-7D9C-0143-CDA9-054F4543DB2C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{79871287-2345-13C2-102C-453713BD6EC5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{798A2A6B-B2B1-0E2F-80FF-30D52F286EFB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{79C93508-E653-3149-0C20-C0B4BFC88F32} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7A30E1DF-0A72-AEB7-7E44-79412564B4A7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7AC6761E-4F43-46F5-6B0F-B6A0CFE8A5CE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7AE91C6C-1479-7396-1F9A-7C366C654869} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7AEF1698-E8CD-4535-C196-EAEADE211A17} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7B315180-F3AA-843E-BFD5-2B630CDC0D67} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7B566BE2-5C20-280B-C5D8-C38CBA964C00} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7CCE6452-9DBC-615F-2B63-B92A8D4C2292} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7E4E0ADA-4189-6454-35CE-5091BC0DCDBA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7FF3DF51-4556-BEF4-7661-E2FF78823478} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{7FF53652-4DA9-7C18-869B-8B90C486CE63} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{80DB1183-D8F5-834A-13C4-38C932041E93} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{80E8BCDE-64B0-C3D0-A6E1-0DA0877E6210} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{80FC6A39-9FBC-F551-7089-66CE61A24984} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8180A8D4-06ED-349E-1259-67BB545C5A93} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{81815AAF-40F8-9C53-D04B-0430B91F30D4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{82875AD5-18E5-5570-3234-2005A0A995BA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{82AEAA16-4EE5-D82E-5AA1-5935B5734481} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{82FCD2C0-6CAF-9AD2-CAC6-D68F740206C3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{83EBAF80-FDC9-395C-7F4C-6E85D8F3AEC5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8430846B-8A81-CE71-E16C-22A97EFCBE41} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8455ADD6-2004-47C2-9816-6F3B875B7CE3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{85D99FC8-A44F-68F7-C3BB-8D4B49A8D1B0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{866A3A28-5F61-83BA-C3CA-AA1516A9ABFB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8674F6CD-EB6E-CD07-FBE1-506F82436CC8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{86CC2087-2C19-636E-123F-4A64629ED9B7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{86EFE7E7-1B08-7E33-B58C-1A83E41E850E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{871DF81E-AF47-62AD-B624-F9791F484A5D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{875B4A75-88F5-E7EE-970A-F733BAD255DD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{88278391-118B-BCB6-E08A-964AA5FEF26D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8830AC75-B27B-63D2-0B56-5488166A6EF1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{885411A1-5DD7-B13F-C011-E095DEF3E7E0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{88A0C6A3-6B41-0962-6006-EAC41DA2ED9E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{88D4DC00-8316-4C96-7C3D-67DE0558A395} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{89633DC6-AE86-E2FC-D1E8-DCAE85241ED1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8980B41E-6F73-5154-AD0B-2C07B906E843} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{89C52F8E-6421-B53A-EBC0-9EFEAF3E7FCD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8A2CB793-CFF0-E932-4559-5DBF964D529C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8B10FEDE-D60E-0D57-2B03-3AE690868EAC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8BA4618A-5F21-0B8B-363D-374D8521F596} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8BC98744-A18A-A2E3-17A4-F26601005660} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8BEE597E-1C53-8D18-5623-2AF4318BA679} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8D86E46F-B9DE-ADD7-1BA7-60042DD50BAA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8E0CFF9A-9D92-AC99-FA0C-7E94D6A0CF0D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8EB9F027-F18C-452F-0437-D29FA5DD0116} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8F534F76-94D1-789D-5A3D-063BABD3B7B6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8F547B81-9875-B29A-2CDD-894B09440339} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8F9CE5C4-7A8B-60FC-A8C2-8E61BD61D4BF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{8FA74632-9B2D-AC74-6EF2-F4A98B02AF43} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{90904DF3-6B8E-1818-E44F-2A9AA166D4DA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{90920AC0-CE70-911A-27A7-D53EDA3B6DED} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{910C0916-F0CB-AF9F-5171-D6E388933C0A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9283B90B-6824-9F8C-CDEE-A26195750B35} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{92FF6D65-A3E5-8CBB-8A78-0C0B4826792D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{933BFF75-7C0C-D7AC-9322-EB6F8F00CFAE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{935BB868-D573-FCBF-9F0F-F1E0E429CD01} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{935D29CB-14A9-92E2-1A43-61FA68E60B26} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{93FD03BB-BE2C-90D0-AFDC-EEA007E4254F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{94CABCE6-9B61-8B2A-60F8-442B3E29E73B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{94FD5399-31A3-8A09-5871-0DA2D6C8E837} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9563197D-CBB5-1E94-9E31-2D487926BBF9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9567AEAF-59B7-5E8B-8F6C-5DD2344A72B3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{95C2E350-02E5-F766-2847-040897D53CA0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9627E89A-ADC6-335C-80FB-709684853BA6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{96316EB2-0E4E-6A7E-7A88-DD575904EDB4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{97117941-9F9B-7B77-FBDB-598CBAA2F96C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9854654D-8F9B-F8C9-3987-B48E58C9568D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{98BEE562-A984-68F6-3C3D-5BA8C901DC71} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{98D79E08-A8D3-7C16-C8D1-316A15F195A3} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{99336825-8A2F-E710-D7AA-913C67C38EDC} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9C0B1C11-4B55-F4A7-0E89-A3C089B28991} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9CEAD01F-0181-74D5-0D8E-0653B9B66F48} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9CF887C3-763F-C8F6-5A0D-FD3AEC35E6F5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9D8F4233-7618-3A2D-C382-ABE141BB1FB4} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9DCAC14C-5AED-ADB0-13C7-BC0FD19AC9B5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9DCEC456-A874-CC64-6E3C-AF24D627C370} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9E11A6C0-0599-5097-40F9-5B318C705AD1} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{9E1C2098-D595-F524-F176-D0102B012320} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A1747CDA-DF6E-9351-9646-E4EDFB0652D6} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A1AE6514-7CAC-E83C-FA39-EA959372821A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A25AC3EE-0FF3-BCF3-C5B5-FB29B4033A43} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A2D6BD90-8482-2594-C882-F74F6D3CE341} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A35C3A46-8DF5-C51B-E965-4BD3DD00597D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A39532FF-4A6C-D2B8-33EC-0AF5DB34793A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A3ADD21E-02D3-30AF-04FD-5138BFE2FBF9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A3D347B5-8D22-1E55-4D3E-C94C91F76762} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A40128C9-E7A7-138B-4005-9FB9E63D0404} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A427B795-B498-01D2-0E8D-3F5691575C0A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A4318BE1-E66F-7DB1-18C4-93375E85F230} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A45624B1-C0BE-EFD2-7D06-BC3E9D3F449E} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A47588F8-0E67-D570-7C52-C0B4EFEAD1DF} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A491446E-5B83-7344-6DED-66F77121F386} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A5143F0E-0B00-5516-FA5F-E961EDECF25B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A5D041F1-3116-D1DA-4877-515DA73CA3B5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A6AA43D9-2C16-F473-3B91-5C6B402550B5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A6B26F6F-2120-8C88-3EA0-8C124E202901} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A6D3144C-5461-FC63-0E5D-0B292AB74B2C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A7367BB2-EC6D-86CC-D35F-619C39373118} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A7595DD0-954D-787A-73FC-769C95DF9F01} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A77FBB24-6758-A44E-FEB7-E7CF6EE350DB} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A81BDB57-92D5-13F5-A455-5E6915516BD5} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A8E241C7-763B-006E-5311-0B24CDFBE07D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A96D0137-789D-AEC6-7664-0878CC6982FD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{A9A7088B-63E9-D824-8BED-B299CE8A4339} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AA263ADE-C092-4829-B851-A0E66D0F97B8} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AA44A5DE-979B-B3E7-BB11-CE4EC3DD4FFA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AAC13DF6-F78C-8CC2-9B6F-8370B61D563F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AB9FA8F5-6BFA-A465-AC13-2BF9ADC97E65} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AC4ED960-D2A8-75F3-8172-095A3DF83C66} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{ACBA3A3A-36D8-85F0-BD24-C1698545899F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AD2C079F-424D-D779-A505-4258757A985F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{ADFAB064-6D76-E095-1233-94E2B1BCEADA} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AEC09CC4-4C18-178C-38D0-22D9E0B785FD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AEC47B7A-3BD5-1DD5-83D5-3166C98819AD} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AF21BBF6-248D-FEC6-977C-E433AC049B4A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{AF7C2B05-CA54-9CC5-461A-50E8D24EB543} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B0927904-C960-1788-1A77-739AAE7B602F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B12277E5-3C23-0E8D-AA5D-32EFD7D04A3A} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B12712D7-ACFD-449A-2E4E-B5894E2E6766} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B148E930-3364-EE89-4148-4B7B2877D74C} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B2896EE5-4B15-DA67-2ADD-F9FC8F792B12} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B291DEE2-D9B2-592B-0C2E-27B58D348424} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B3394CC0-DA22-CFD3-7E55-25C2B344D853} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B36A4008-5663-2ECF-9E70-FA3F4CC8F486} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B3CE5C0B-8CA4-F1D5-F9A7-7FAE4C8B1E8D} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B4BEB480-93E5-1EA1-846B-4D486DF3B6EE} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B4C96F7A-8DBA-A271-24A8-DCA0E278A9D9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B550E5A0-848D-661C-60CC-759622570AF7} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B661A0E7-C97A-0ADF-8F52-33BDC0152123} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B77E5C0F-AD1F-7897-5AD1-C3ADED9B794F} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B78605C5-FA50-0820-1D02-BA7713DEC077} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B7E372AA-5214-5339-1C44-04A6C88B6A13} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B834AC8E-CE65-3392-D7DF-86057DA73721} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B85FFBF7-B2D8-D30A-8289-46564A899064} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B86BEFD1-FD7B-BF76-1007-90B9084541C0} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B878818F-2279-A2FE-62AA-5B8166B041ED} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B8F28A6B-4308-8C8B-4DAA-1D2763F029F9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B9117FC9-B02C-936C-F1BC-6D227B226339} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B9CC80FA-3524-AB9A-7661-F6352FD5A3B9} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{B9ECDBF6-CDF6-F0EF-1703-372B49754E0B} -> Adware.CoolWebSearch : Cleaned with backup HKLM\SOFTWARE\Classes&#

#36 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 08 May 2006 - 11:22 AM

And here is my HJT log. Also, it seems like Norton AV is starting to work. It detected a Bloodhound.Exploit.6 virus, and a Exploit.html.mht. It couldn't do anything with them. Also when I start the computer I get an error that ispnews.exe i failed to initialize properly..

Logfile of HijackThis v1.99.1
Scan saved at 9:55:50 AM, on 5/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\FSGK32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fssm32.exe
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FAMEH32.EXE
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsqh.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsrw.exe
C:\Program Files\F-Secure Internet Security\FSPC\fspc.exe
C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
C:\Program Files\F-Secure Internet Security\Anti-Virus\fsav32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\F-SECU~1\ANTI-S~1\fsaw.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLHOS~1.EXE
C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
C:\Program Files\F-Secure Internet Security\FSGUI\fsguidll.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLServiceHost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R3 - Default URLSearchHook is missing
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brazeal\Application Data\Mozilla\Profiles\default\alhwq5n1.slt\prefs.js)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107146022\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\F-Secure Internet Security\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\F-Secure Internet Security\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [F-Secure Startup Wizard] "C:\Program Files\F-Secure Internet Security\FSGUI\FSSW.EXE" /reboot
O4 - HKLM\..\Run: [News Service] "C:\Program Files\F-Secure Internet Security\FSGUI\ispnews.exe"
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Brazeal"
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: F-Secure 2006.lnk = C:\Program Files\F-Secure Internet Security\backweb\4476822\Program\fspex.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Block this popup - C:\Program Files\F-Secure Internet Security\Anti-Spyware\blockpopups.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Web Filter - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\F-Secure Internet Security\FSPC\fspcmsie.dll
O9 - Extra button: IE Shield - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra 'Tools' menuitem: IE Shield... - {300DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\F-Secure Internet Security\Anti-Spyware\ieshield.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: Advisor - {0F2E637F-E3AF-49BB-8BCF-2CFAEDF862EF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'winsflt.dll' missing
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ĉu
: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - F-Secure Internet Security 2005 - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Anti-Virus\fsgk32st.exe
O23 - Service: fsbwsys - F-Secure Corp. - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FWES\Program\fsdfwd.exe
O23 - Service: F-Secure HTTP Server (fshttps) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\FSPC\fshttps\fshttps.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#37 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 09 May 2006 - 09:30 PM

Looking better.

STEP 1.
======
SpySweeper
Please download http://www.webroot.c...ode=af1&rc=3597
(It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
STEP 2.
======
Download Ewido
  • Download and install Ewido Security Suite It is a free trial version of the program.
  • Install ewido security suite
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
STEP 3.
======
Update Ewido
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use Ewido manual updates

STEP 4.
======
Ewido Scan
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.**
    o You will need to step through the process of cleaning files one-by-one.
    o If ewido detects a file you KNOW to be legitimate, select none as the action.
    o DO NOT select "Perform action on all infections"
    o If you are unsure of any entry found select none for now.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.
**(Ewido for example has been flagging parts of AVG Anti-Virus, pcAnywhere and the game "Risk")


STEP 5.
======
CWShredder

Please download and run CWShredder
Make sure that all browser windows are closed with the exception of Cwshredder and choose FIX.

STEP 6.
======

Please do an onlione scan here http://housecall.trendmicro.com/ and allow it to clean/remove what it finds.


Please post the results from SpySweeper, ewido and a new hijackthis log.

#38 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 15 May 2006 - 12:46 PM

Ok, here we go. I downloaded spysweeper, I didn't have access to the internet on the computer at first so I scanned it, updated Spysweeper when I had access and ran it again. Here is the log:
********
6:44 PM: | Start of Session, Friday, May 12, 2006 |
6:44 PM: Spy Sweeper started
6:44 PM: Sweep initiated using definitions version 677
6:44 PM: Starting Memory Sweep
6:53 PM: Memory Sweep Complete, Elapsed Time: 00:08:44
6:53 PM: Starting Registry Sweep
6:54 PM: Found Trojan Horse: trojan-phisher-egold
6:54 PM: HKLM\system\currentcontrolset\services\docentd\ (12 subtraces) (ID = 933579)
6:54 PM: Found Adware: cws_tiny0
6:54 PM: HKCR\clsid\{9adc5b7c-f0fa-a733-e146-85ce8933dc68}\ (2 subtraces) (ID = 980881)
6:54 PM: HKLM\software\classes\clsid\{9adc5b7c-f0fa-a733-e146-85ce8933dc68}\ (2 subtraces) (ID = 980889)
6:54 PM: Registry Sweep Complete, Elapsed Time:00:01:19
6:54 PM: Starting Cookie Sweep
6:54 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:54 PM: Starting File Sweep
6:55 PM: win.ini.backup:ixqzel (ID = 200)
6:57 PM: Found Trojan Horse: trojan-backdoor-haxdoor
6:57 PM: 3928.tmp (ID = 192965)
7:21 PM: Found Trojan Horse: trojan-downloader-pr-corp
7:21 PM: 3208.tmp (ID = 188692)
7:40 PM: system.ini.backup:xbxng (ID = 204)
7:41 PM: Found Trojan Horse: trojan-backdoor-securemulti
7:41 PM: 3240.tmp (ID = 188688)
7:45 PM: 3200.tmp (ID = 192965)
7:45 PM: Found Trojan Horse: mspm-bot
7:45 PM: 2480.tmp (ID = 192909)
7:45 PM: 3600.tmp (ID = 188688)
7:55 PM: 3360.tmp (ID = 192909)
7:56 PM: 3532.tmp (ID = 188692)
8:00 PM: 3572.tmp (ID = 188692)
8:02 PM: Warning: Failed to open file "c:\windows\". The system cannot find the path specified
8:02 PM: Warning: Failed to open file "c:\windows\". The system cannot find the path specified
8:04 PM: 3248.tmp (ID = 192909)
8:05 PM: File Sweep Complete, Elapsed Time: 01:10:47
8:05 PM: Full Sweep has completed. Elapsed time 01:21:17
8:05 PM: Traces Found: 31
8:06 PM: Removal process initiated
8:06 PM: Quarantining All Traces: trojan-backdoor-haxdoor
8:07 PM: Quarantining All Traces: trojan-backdoor-securemulti
8:07 PM: Quarantining All Traces: trojan-downloader-pr-corp
8:07 PM: Quarantining All Traces: cws_tiny0
8:07 PM: Quarantining All Traces: mspm-bot
8:07 PM: Quarantining All Traces: trojan-phisher-egold
8:07 PM: Removal process completed. Elapsed time 00:00:33
********
8:29 AM: | Start of Session, Thursday, May 11, 2006 |
8:29 AM: Spy Sweeper started
8:29 AM: Sweep initiated using definitions version 556
8:30 AM: Starting Memory Sweep
8:37 AM: Memory Sweep Complete, Elapsed Time: 00:06:58
8:37 AM: Starting Registry Sweep
8:37 AM: Found Adware: 2020search
8:37 AM: HKLM\system\currentcontrolset\services\.net connection service\ (12 subtraces) (ID = 101924)
8:37 AM: Found Adware: coolwebsearch (cws)
8:37 AM: HKCR\clsid\{3ce36d52-d914-5ba5-c0e2-3f53ae992abb}\ (2 subtraces) (ID = 107209)
8:37 AM: HKCR\clsid\{4fc7118f-cec2-4822-4fa2-bd496c690a0c}\ (2 subtraces) (ID = 107248)
8:37 AM: HKCR\clsid\{75a46c7e-d7ab-55f3-8df2-d9a7ffd913e6}\ (2 subtraces) (ID = 107518)
8:37 AM: HKCR\clsid\{d02510a9-69a7-24d5-85da-d3ec8e911c73}\ (2 subtraces) (ID = 108130)
8:37 AM: HKCR\clsid\{f22b79fb-1d55-c94f-4938-eaa13a2fb4ed}\ (2 subtraces) (ID = 108311)
8:37 AM: HKCR\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 108398)
8:37 AM: HKLM\software\classes\clsid\{3ce36d52-d914-5ba5-c0e2-3f53ae992abb}\ (2 subtraces) (ID = 108597)
8:37 AM: HKLM\software\classes\clsid\{4fc7118f-cec2-4822-4fa2-bd496c690a0c}\ (2 subtraces) (ID = 108636)
8:37 AM: HKLM\software\classes\clsid\{75a46c7e-d7ab-55f3-8df2-d9a7ffd913e6}\ (2 subtraces) (ID = 108905)
8:37 AM: HKLM\software\classes\clsid\{d02510a9-69a7-24d5-85da-d3ec8e911c73}\ (2 subtraces) (ID = 109513)
8:37 AM: HKLM\software\classes\clsid\{f22b79fb-1d55-c94f-4938-eaa13a2fb4ed}\ (2 subtraces) (ID = 109692)
8:37 AM: HKLM\software\classes\interface\{c19eb5b1-fc58-456e-8793-384532ed5970}\ (8 subtraces) (ID = 109776)
8:37 AM: Found Adware: cws-aboutblank
8:37 AM: HKCR\clsid\{5af56848-9589-c8be-da68-602b3e69097e}\ (2 subtraces) (ID = 113034)
8:37 AM: HKCR\interface\{53b95210-7d77-11d2-9f81-00104b107c96}\ (8 subtraces) (ID = 114337)
8:37 AM: HKLM\software\classes\clsid\{5af56848-9589-c8be-da68-602b3e69097e}\ (2 subtraces) (ID = 114616)
8:37 AM: HKLM\software\classes\typelib\{53b95204-7d77-11d2-9f81-00104b107c96}\ (9 subtraces) (ID = 115914)
8:37 AM: HKCR\typelib\{53b95204-7d77-11d2-9f81-00104b107c96}\ (9 subtraces) (ID = 116773)
8:37 AM: Found Adware: cws_ns3
8:37 AM: HKCR\clsid\{0b58bef4-c0d5-53ba-4f75-d23e40367540}\ (2 subtraces) (ID = 117606)
8:37 AM: HKCR\clsid\{02d6ed78-680a-f6c9-b9ce-a9a1ba770720}\ (2 subtraces) (ID = 117641)
8:37 AM: HKCR\clsid\{02ffd786-624f-cc5b-7820-bcdee66d486f}\ (2 subtraces) (ID = 117642)
8:37 AM: HKCR\clsid\{2b32079d-a94d-be39-977b-b79962faa6cf}\ (2 subtraces) (ID = 117746)
8:37 AM: HKCR\clsid\{3a044fba-5def-1ecf-55e6-8a9de3722cec}\ (2 subtraces) (ID = 117780)
8:37 AM: HKCR\clsid\{3f15b481-32e2-fe85-96fa-a8976289b4fd}\ (4 subtraces) (ID = 117819)
8:37 AM: HKCR\clsid\{5f574346-a206-d78a-7149-4c709d5204a4}\ (2 subtraces) (ID = 117912)
8:37 AM: HKCR\clsid\{7a987646-f4b5-d9fc-cc46-e95a1713f3b5}\ (2 subtraces) (ID = 117962)
8:37 AM: HKCR\clsid\{7d070854-e058-6cf4-d6a2-c2d80e5b5124}\ (2 subtraces) (ID = 117978)
8:37 AM: HKCR\clsid\{9a711817-cadb-fd03-ebb1-4e2fc70601c2}\ (2 subtraces) (ID = 118039)
8:37 AM: HKCR\clsid\{46b118f7-a9c3-30b6-f02a-a8c72e1e4fd5}\ (2 subtraces) (ID = 118179)
8:37 AM: HKCR\clsid\{46c8c875-7053-566f-b7df-a8735884b10e}\ (2 subtraces) (ID = 118180)
8:37 AM: HKCR\clsid\{47b70b6f-a6b0-230a-43c3-9f9b5c710209}\ (2 subtraces) (ID = 118181)
8:37 AM: HKCR\clsid\{67d02480-710b-80d7-0624-27bb57b32cde}\ (2 subtraces) (ID = 118239)
8:37 AM: HKCR\clsid\{73a0fef4-c4ec-89f0-f3bc-fe7f59ad1dba}\ (2 subtraces) (ID = 118258)
8:37 AM: HKCR\clsid\{86b29a5f-cb91-3c3d-28a2-eda38c1f28a8}\ (2 subtraces) (ID = 118288)
8:37 AM: HKCR\clsid\{792e2c95-aebd-d9b8-e958-ad1bb5a3d9ba}\ (2 subtraces) (ID = 118431)
8:37 AM: HKCR\clsid\{3684b1d1-c737-aa3a-00b8-83fe7ff3c058}\ (2 subtraces) (ID = 118488)
8:37 AM: HKCR\clsid\{4095aaf5-bad2-a97d-d64c-566a52e35c2e}\ (2 subtraces) (ID = 118494)
8:37 AM: HKCR\clsid\{8007f30a-add5-7e61-d29c-8f166bc8a3dd}\ (2 subtraces) (ID = 118535)
8:37 AM: HKCR\clsid\{15213f20-4568-a265-3c5a-1f0b1f772ef8}\ (2 subtraces) (ID = 118567)
8:37 AM: HKCR\clsid\{64770a00-0c3b-bcec-d32d-83ee61896228}\ (2 subtraces) (ID = 118592)
8:37 AM: HKCR\clsid\{61682029-a490-5c49-d9fd-682fb2da97af}\ (2 subtraces) (ID = 118711)
8:37 AM: HKCR\clsid\{a97b64ca-35c4-dd86-2890-054ee94ce844}\ (2 subtraces) (ID = 118768)
8:37 AM: HKCR\clsid\{b36d5282-d413-f545-cf79-a6ce970cfebb}\ (4 subtraces) (ID = 118861)
8:37 AM: HKCR\clsid\{b1300934-5207-3933-066d-455dde935add}\ (2 subtraces) (ID = 118893)
8:37 AM: HKCR\clsid\{be5dcdbc-54d3-95ea-b258-2d53bd817431}\ (2 subtraces) (ID = 118926)
8:37 AM: HKCR\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 118987)
8:37 AM: HKCR\clsid\{cc6a9dff-521f-7dd3-e624-b30c0b9ff83a}\ (2 subtraces) (ID = 119047)
8:37 AM: HKCR\clsid\{d6c7db36-c0ac-c91f-b408-61a55e5ab6c5}\ (6 subtraces) (ID = 119094)
8:37 AM: HKCR\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (4 subtraces) (ID = 119095)
8:37 AM: HKCR\clsid\{d7347ce7-1ee8-8788-b631-57750cdd6bcb}\ (2 subtraces) (ID = 119131)
8:37 AM: HKCR\clsid\{e36a99d7-088f-a5e8-1ba4-87116d938d49}\ (2 subtraces) (ID = 119237)
8:37 AM: HKCR\clsid\{e5181bb3-b821-0d7b-d568-3766286d5460}\ (2 subtraces) (ID = 119265)
8:37 AM: HKCR\clsid\{e365460d-7563-2763-5e38-85f172854eac}\ (6 subtraces) (ID = 119270)
8:37 AM: HKCR\clsid\{f0d9b410-3c4f-707c-2e2d-529e64aa2118}\ (2 subtraces) (ID = 119339)
8:37 AM: HKCR\clsid\{f1b9da5c-979c-674e-bdc1-14b48e7fdf72}\ (2 subtraces) (ID = 119346)
8:37 AM: HKCR\clsid\{f2352fd0-b78a-fc66-ee98-5dfbf99e1f48}\ (2 subtraces) (ID = 119400)
8:37 AM: HKCR\clsid\{fa112fa2-b6c7-ce6a-de50-feaf22c15154}\ (2 subtraces) (ID = 119418)
8:37 AM: HKCR\clsid\{fb277f1b-89b6-a114-dd01-ec507a933f39}\ (2 subtraces) (ID = 119426)
8:37 AM: HKLM\software\classes\clsid\{0b58bef4-c0d5-53ba-4f75-d23e40367540}\ (2 subtraces) (ID = 119486)
8:37 AM: HKLM\software\classes\clsid\{02d6ed78-680a-f6c9-b9ce-a9a1ba770720}\ (2 subtraces) (ID = 119520)
8:37 AM: HKLM\software\classes\clsid\{02ffd786-624f-cc5b-7820-bcdee66d486f}\ (2 subtraces) (ID = 119521)
8:37 AM: HKLM\software\classes\clsid\{1fe935ff-db66-ac76-99d8-18ec1f0f013c}\ (2 subtraces) (ID = 119613)
8:37 AM: HKLM\software\classes\clsid\{2b32079d-a94d-be39-977b-b79962faa6cf}\ (2 subtraces) (ID = 119622)
8:37 AM: HKLM\software\classes\clsid\{3a044fba-5def-1ecf-55e6-8a9de3722cec}\ (2 subtraces) (ID = 119654)
8:37 AM: HKLM\software\classes\clsid\{3f15b481-32e2-fe85-96fa-a8976289b4fd}\ (4 subtraces) (ID = 119693)
8:37 AM: HKLM\software\classes\clsid\{5f574346-a206-d78a-7149-4c709d5204a4}\ (2 subtraces) (ID = 119787)
8:37 AM: HKLM\software\classes\clsid\{7a987646-f4b5-d9fc-cc46-e95a1713f3b5}\ (2 subtraces) (ID = 119836)
8:37 AM: HKLM\software\classes\clsid\{7d070854-e058-6cf4-d6a2-c2d80e5b5124}\ (2 subtraces) (ID = 119853)
8:37 AM: HKLM\software\classes\clsid\{9a711817-cadb-fd03-ebb1-4e2fc70601c2}\ (2 subtraces) (ID = 119913)
8:37 AM: HKLM\software\classes\clsid\{46b118f7-a9c3-30b6-f02a-a8c72e1e4fd5}\ (2 subtraces) (ID = 120037)
8:37 AM: HKLM\software\classes\clsid\{46c8c875-7053-566f-b7df-a8735884b10e}\ (2 subtraces) (ID = 120038)
8:37 AM: HKLM\software\classes\clsid\{47b70b6f-a6b0-230a-43c3-9f9b5c710209}\ (2 subtraces) (ID = 120039)
8:37 AM: HKLM\software\classes\clsid\{67d02480-710b-80d7-0624-27bb57b32cde}\ (2 subtraces) (ID = 120096)
8:37 AM: HKLM\software\classes\clsid\{73a0fef4-c4ec-89f0-f3bc-fe7f59ad1dba}\ (2 subtraces) (ID = 120115)
8:37 AM: HKLM\software\classes\clsid\{86b29a5f-cb91-3c3d-28a2-eda38c1f28a8}\ (2 subtraces) (ID = 120144)
8:37 AM: HKLM\software\classes\clsid\{338e88e9-d821-1c15-a00d-907ab980e988}\ (2 subtraces) (ID = 120215)
8:37 AM: HKLM\software\classes\clsid\{792e2c95-aebd-d9b8-e958-ad1bb5a3d9ba}\ (2 subtraces) (ID = 120279)
8:37 AM: HKLM\software\classes\clsid\{3684b1d1-c737-aa3a-00b8-83fe7ff3c058}\ (2 subtraces) (ID = 120335)
8:37 AM: HKLM\software\classes\clsid\{4095aaf5-bad2-a97d-d64c-566a52e35c2e}\ (2 subtraces) (ID = 120341)
8:37 AM: HKLM\software\classes\clsid\{8007f30a-add5-7e61-d29c-8f166bc8a3dd}\ (2 subtraces) (ID = 120382)
8:37 AM: HKLM\software\classes\clsid\{15213f20-4568-a265-3c5a-1f0b1f772ef8}\ (2 subtraces) (ID = 120414)
8:37 AM: HKLM\software\classes\clsid\{64770a00-0c3b-bcec-d32d-83ee61896228}\ (2 subtraces) (ID = 120439)
8:37 AM: HKLM\software\classes\clsid\{61682029-a490-5c49-d9fd-682fb2da97af}\ (2 subtraces) (ID = 120553)
8:37 AM: HKLM\software\classes\clsid\{a97b64ca-35c4-dd86-2890-054ee94ce844}\ (2 subtraces) (ID = 120607)
8:37 AM: HKLM\software\classes\clsid\{b36d5282-d413-f545-cf79-a6ce970cfebb}\ (4 subtraces) (ID = 120700)
8:37 AM: HKLM\software\classes\clsid\{b1300934-5207-3933-066d-455dde935add}\ (2 subtraces) (ID = 120731)
8:37 AM: HKLM\software\classes\clsid\{be5dcdbc-54d3-95ea-b258-2d53bd817431}\ (2 subtraces) (ID = 120763)
8:37 AM: HKLM\software\classes\clsid\{c42cf26e-2b02-05de-7d7b-a16c5c2095bb}\ (2 subtraces) (ID = 120824)
8:37 AM: HKLM\software\classes\clsid\{cc6a9dff-521f-7dd3-e624-b30c0b9ff83a}\ (2 subtraces) (ID = 120884)
8:37 AM: HKLM\software\classes\clsid\{d6c7db36-c0ac-c91f-b408-61a55e5ab6c5}\ (6 subtraces) (ID = 120930)
8:37 AM: HKLM\software\classes\clsid\{d7b5394e-d013-3545-35d0-45376236a8dc}\ (4 subtraces) (ID = 120931)
8:37 AM: HKLM\software\classes\clsid\{e36a99d7-088f-a5e8-1ba4-87116d938d49}\ (2 subtraces) (ID = 121071)
8:37 AM: HKLM\software\classes\clsid\{e5181bb3-b821-0d7b-d568-3766286d5460}\ (2 subtraces) (ID = 121098)
8:37 AM: HKLM\software\classes\clsid\{e365460d-7563-2763-5e38-85f172854eac}\ (6 subtraces) (ID = 121102)
8:37 AM: HKLM\software\classes\clsid\{f0d9b410-3c4f-707c-2e2d-529e64aa2118}\ (2 subtraces) (ID = 121169)
8:37 AM: HKLM\software\classes\clsid\{f1b9da5c-979c-674e-bdc1-14b48e7fdf72}\ (2 subtraces) (ID = 121176)
8:37 AM: HKLM\software\classes\clsid\{f2352fd0-b78a-fc66-ee98-5dfbf99e1f48}\ (2 subtraces) (ID = 121227)
8:37 AM: HKLM\software\classes\clsid\{fa112fa2-b6c7-ce6a-de50-feaf22c15154}\ (2 subtraces) (ID = 121244)
8:37 AM: HKLM\software\classes\clsid\{fb277f1b-89b6-a114-dd01-ec507a933f39}\ (2 subtraces) (ID = 121251)
8:37 AM: Found Adware: cws_tiny0
8:37 AM: HKCR\clsid\{5f4b11a7-c0a8-0b95-8741-481c8b0029e3}\ (2 subtraces) (ID = 123846)
8:37 AM: HKCR\clsid\{8a71c47b-9917-b588-625b-79254d40a325}\ (2 subtraces) (ID = 123858)
8:37 AM: HKCR\clsid\{9c060fc3-f4ce-894d-8eb7-fa3935ce5aa1}\ (2 subtraces) (ID = 123869)
8:37 AM: HKCR\clsid\{99b1e639-dca2-2c21-013f-def4b5729ca9}\ (4 subtraces) (ID = 123902)
8:37 AM: HKCR\clsid\{226ef23f-8451-8515-bc02-3d0252c01453}\ (2 subtraces) (ID = 123906)
8:37 AM: HKCR\clsid\{cd283bb0-5fea-f204-bc88-8c3ca240315d}\ (2 subtraces) (ID = 124001)
8:37 AM: HKCR\clsid\{ea8d7dfa-04bf-99e7-595c-535dc7f0efba}\ (2 subtraces) (ID = 124025)
8:37 AM: HKLM\software\classes\clsid\{5f4b11a7-c0a8-0b95-8741-481c8b0029e3}\ (2 subtraces) (ID = 124080)
8:37 AM: HKLM\software\classes\clsid\{8a71c47b-9917-b588-625b-79254d40a325}\ (2 subtraces) (ID = 124092)
8:37 AM: HKLM\software\classes\clsid\{9c060fc3-f4ce-894d-8eb7-fa3935ce5aa1}\ (2 subtraces) (ID = 124102)
8:37 AM: HKLM\software\classes\clsid\{99b1e639-dca2-2c21-013f-def4b5729ca9}\ (4 subtraces) (ID = 124134)
8:37 AM: HKLM\software\classes\clsid\{226ef23f-8451-8515-bc02-3d0252c01453}\ (2 subtraces) (ID = 124137)
8:37 AM: HKLM\software\classes\clsid\{cd283bb0-5fea-f204-bc88-8c3ca240315d}\ (2 subtraces) (ID = 124231)
8:38 AM: HKCR\clsid\{44cda69e-e88e-5adf-7958-9569d48ea263}\ (2 subtraces) (ID = 879732)
8:38 AM: HKLM\software\classes\clsid\{44cda69e-e88e-5adf-7958-9569d48ea263}\ (2 subtraces) (ID = 879801)
8:38 AM: HKU\WRSS_Profile_S-1-5-21-480437244-2214429306-939620716-500\software\microsoft\internet explorer\main\ || homeoldsp (ID = 115923)
8:38 AM: Registry Sweep Complete, Elapsed Time:00:01:05
8:38 AM: Starting Cookie Sweep
8:38 AM: Cookie Sweep Complete, Elapsed Time: 00:00:01
8:38 AM: Starting File Sweep
8:39 AM: Found Trojan Horse: trojan-downloader-vxiframe
8:39 AM: 1324.tmp (ID = 107123)
8:39 AM: xpsp1hfm.log:fjacv (ID = 56194)
8:39 AM: xpsp1hfm.log:vbuas (ID = 56194)
8:39 AM: q815021.log:ohlom (ID = 56194)
8:41 AM: santa fe stucco.bmp:vpozf (ID = 56194)
8:41 AM: kb828741.log:orzoh (ID = 56194)
8:41 AM: vminst.log:zukjl (ID = 56194)
8:41 AM: syminst.log:rsmjf (ID = 56718)
8:41 AM: q317326.log:eootr (ID = 56194)
8:41 AM: q317326.log:odwpu (ID = 56194)
8:41 AM: unvise32qt.exe:misqh (ID = 56322)
8:41 AM: Found Adware: tvmedia
8:41 AM: blue lace 16.bmp:rzakq (ID = 81628)
8:41 AM: 002655_.tmp:geaxv (ID = 56322)
8:41 AM: kb825119.log:dtgqu (ID = 56194)
8:41 AM: q311889.log:samzb (ID = 56603)
8:41 AM: kb842773.log:tzshy (ID = 56194)
8:41 AM: wecxg32.dll (ID = 54008)
8:41 AM: zxmsn.dll (ID = 54008)
8:42 AM: gupd.dll (ID = 54008)
8:42 AM: cidpoq32.dll (ID = 54008)
8:42 AM: icvbr.dll (ID = 54008)
8:42 AM: icqrt.dll (ID = 54187)
8:42 AM: cidft.dll (ID = 54008)
8:42 AM: sdfup.dll (ID = 54008)
8:42 AM: xcwer32.dll (ID = 54008)
8:42 AM: ieuninst.exe:aukuhu (ID = 55692)
8:42 AM: ieuninst.exe:hzhpwz (ID = 54093)
8:42 AM: icnfe.dll (ID = 54008)
8:42 AM: greenstone.bmp:cwpku (ID = 56194)
8:42 AM: q329115.log:cnssm (ID = 56194)
8:42 AM: q329834.log:objlq (ID = 56322)
8:44 AM: dtcinstall.log:nhprv (ID = 54863)
8:45 AM: q312368.log:nomki (ID = 56450)
8:49 AM: win.ini.backup:gevio (ID = 56451)
8:49 AM: win.ini.backup:xhdmo (ID = 56714)
8:49 AM: twain_32.dll:vexig (ID = 56718)
8:50 AM: perwin.ini:nmuci (ID = 56194)
8:52 AM: q329390.log:hrlsk (ID = 56194)
8:52 AM: status.mif:zmbmq (ID = 56194)
8:52 AM: oewablog.txt:lfiem (ID = 56194)
8:52 AM: vbaddin.ini:ybucw (ID = 56194)
8:53 AM: q329170.log:cmnry (ID = 56194)
8:53 AM: orun32.ini:ogloa (ID = 56194)
8:53 AM: {3564a736-4c6c-4806-bf06-373e8387cb8c}.dat:uhudp (ID = 56194)
8:53 AM: twain.dll:ecbjx (ID = 56194)
8:53 AM: kb840374.log:jbpch (ID = 56208)
8:54 AM: cdplayer.ini:xmhoe (ID = 56194)
8:54 AM: {6ae3c542-5bba-45cc-82c8-e6da3f99439c}.dat:nqdmm (ID = 56194)
8:55 AM: twunk_32.exe:xdlpr (ID = 56319)
8:55 AM: q315403.log:xxcui (ID = 56603)
8:56 AM: photosuite.ini:noyoy (ID = 56194)
8:56 AM: explorer.scf:vnyse (ID = 56194)
9:02 AM: oewablog.txt:mbsbc (ID = 56718)
9:02 AM: river sumida.bmp:kwjnu (ID = 56718)
9:04 AM: q810565.log:fzknmk (ID = 54093)
9:04 AM: 2484.tmp (ID = 107123)
9:07 AM: 524.tmp (ID = 107123)
9:08 AM: 3368.tmp (ID = 107123)
9:08 AM: 3480.tmp (ID = 107123)
9:08 AM: windows update.log:cwvvd (ID = 56718)
9:08 AM: windows update.log:yfovi (ID = 56208)
9:09 AM: q308678.log:ifwtu (ID = 54093)
9:09 AM: kb841873.log:fbinn (ID = 56322)
9:09 AM: kb841873.log:pqfkx (ID = 56322)
9:09 AM: comsetup.log:enbqh (ID = 56322)
9:09 AM: kb820291.log:luqmx (ID = 56322)
9:09 AM: {224cfcbf-d155-48ce-9923-21627b2ba31e}.dat:mphjs (ID = 56718)
9:09 AM: 4024.tmp (ID = 107123)
9:09 AM: Found Adware: security iguard
9:09 AM: chmhelp.chm (ID = 75238)
9:09 AM: nsreg.dat:kmyqi (ID = 56194)
9:10 AM: 2164.tmp (ID = 107123)
9:10 AM: windowsupdate.log:htlcu (ID = 56194)
9:10 AM: explorer.exe:gdytp (ID = 56322)
9:10 AM: Warning: Failed to open file "c:\windows\". The system cannot find the path specified
9:10 AM: Warning: Failed to open file "c:\windows\". The system cannot find the path specified
9:10 AM: msgsocm.log:aggqmo (ID = 54093)
9:10 AM: oeuninst.exe:rvmajw (ID = 57119)
9:11 AM: mtwcnl32.dll (ID = 54330)
9:11 AM: syncor.exe:dlykw (ID = 56194)
9:11 AM: apiry.dll:fbxqjp (ID = 56208)
9:11 AM: javayk32.dll:kvrys (ID = 56208)
9:11 AM: sysea32.dll:rijle (ID = 56208)
9:11 AM: appoq32.dll:tyvxxf (ID = 57119)
9:11 AM: javayk32.dll:ocuggb (ID = 57119)
9:11 AM: netvy.dll:pupglf (ID = 54093)
9:11 AM: netvy.dll:njrawb (ID = 54093)
9:11 AM: syninst.log:jbnba (ID = 56194)
9:11 AM: ntyd32.dll:wglgt (ID = 56194)
9:11 AM: Found Adware: cws_mailhook
9:11 AM: readme.txt (ID = 56128)
9:11 AM: Found Trojan Horse: mspm-bot
9:11 AM: ddr64.dll (ID = 150006)
9:12 AM: File Sweep Complete, Elapsed Time: 00:33:53
9:12 AM: Full Sweep has completed. Elapsed time 00:42:56
9:12 AM: Traces Found: 505
9:53 AM: Removal process initiated
9:53 AM: Quarantining All Traces: cws_ns3
10:04 AM: Quarantining All Traces: trojan-downloader-vxiframe
10:04 AM: Quarantining All Traces: cws-aboutblank
10:05 AM: Quarantining All Traces: 2020search
10:05 AM: Quarantining All Traces: coolwebsearch (cws)
10:08 AM: Quarantining All Traces: cws_mailhook
10:08 AM: Quarantining All Traces: cws_tiny0
10:10 AM: Quarantining All Traces: mspm-bot
10:10 AM: Quarantining All Traces: security iguard
10:10 AM: Quarantining All Traces: tvmedia
11:10 AM: Removal process completed. Elapsed time 01:16:34
6:42 PM: Your spyware definitions have been updated.
6:44 PM: | End of Session, Friday, May 12, 2006 |
********
9:31 PM: | Start of Session, Wednesday, May 10, 2006 |
9:31 PM: Spy Sweeper started
9:31 PM: Sweep initiated using definitions version 556
9:31 PM: Starting Memory Sweep
9:33 PM: Sweep Canceled
9:33 PM: Memory Sweep Complete, Elapsed Time: 00:01:32
9:33 PM: Traces Found: 0
********
9:23 PM: | Start of Session, Wednesday, May 10, 2006 |
9:23 PM: Spy Sweeper started
9:31 PM: | End of Session, Wednesday, May 10, 2006 |

The Ewido scan had the same results as before, it froze on a memory location and didn't finish. It didn't print a log.

CWShredder didn't find anything.

Housecall found a couple of things and I fixed them (I didn't write down what they were, I thought it would have a report.)

And here is my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 11:33:35 AM, on 5/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLServiceHost.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\hjt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brazeal\Application Data\Mozilla\Profiles\default\alhwq5n1.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107146022\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Brazeal"
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {0F2E637F-E3AF-49BB-8BCF-2CFAEDF862EF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ĉu
: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFA4DDA-C9A7-4458-9F28-DD701D193851}: NameServer = 12.127.16.77,12.127.17.77
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thank you for your help!

#39 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 18 May 2006 - 12:53 PM

I was able to run Kapersky online scanner while I was waiting and this is what it found To save space, I deleted all the occurrances of files it founf in the Norton Antivirus quarantined folder: Thursday, May 18, 2006 11:21:12 AM Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600) Kaspersky On-line Scanner version: 5.0.78.0 Kaspersky Anti-Virus database last update: 18/05/2006 Kaspersky Anti-Virus database records: 194680 Scan Settings Scan using the following antivirus database extended Scan Archives true Scan Mail Bases true Scan Target My Computer A:\ C:\ D:\ Scan Statistics Total number of scanned objects 63366 Number of viruses found 32 Number of infected objects 2447 Number of suspicious objects 588 Duration of the scan process 01:51:48 Infected Object Name Virus Name Last Action C:\Documents and Settings\Brazeal\.housecall\Quarantine\jfnljaa.dll12.bac_a03424 Infected: Trojan.Win32.StartPage.is skipped C:\Documents and Settings\Brazeal\.housecall\Quarantine\n_ctfkoy.dat.bac_a03424 Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\2552.tmp Infected: Trojan-Downloader.Win32.Tibs.s skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\3056.tmp Infected: Trojan.Win32.Dialer.ay skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\3216.tmp Infected: Trojan-Downloader.Win32.Tibs.s skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\3232.tmp Infected: Trojan.Win32.Dialer.ay skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\3844.tmp Infected: Trojan-Spy.Win32.Goldun.do skipped C:\Documents and Settings\Brazeal\Local Settings\Temp\018907300\4032.tmp Infected: Trojan-Spy.Win32.Goldun.do skipped C:\hjt\hijackthis2 Suspicious: Exploit.HTML.Mht skipped C:\Program Files\Norton SystemWorks\Norton CleanSweep\Backup\d_al3321.BUD ZIP: infected - 1 skipped C:\WINDOWS\$NtServicePackUninstall$\winhlp32.exe:auvhp:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\AolCInUn.exe:kdcuw:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\clock.avi:ogdtq:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Coffee Bean.bmp:girms:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\comsetup.log:mufzxe:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\criw.dll:gcwus:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\explorer.scf:ftqxt:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\FeatherTexture.bmp:oorxg:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Instlog.lyt:pqpai:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\IsUninst.exe:rtqug:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\KB825119.log:iboiy:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\KB837001.log:ourvo:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\KB839643-DirectX9.log:hsrtk:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\msdfmap.ini:goqjn:$DATA Infected: Trojan-Downloader.Win32.Agent.cd skipped C:\WINDOWS\ntcp.dll:wjkbk:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\ntdtcsetup.log:dnivl:$DATA Infected: Trojan-Downloader.Win32.Agent.cd skipped C:\WINDOWS\ntdtcsetup.log:sokke:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\n_lbevhe.log Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\ODBC.INI:toxok:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\ODBCINST.INI:fkaomz:$DATA Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\PhotoSuite.ini:zhwhw:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA/data0001.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA/data0002.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA/data0003.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA/data0004.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA/data0005.html Infected: Trojan-Downloader.Win32.WinShow.ak skipped C:\WINDOWS\Prairie Wind.bmp:nbqsl:$DATA Embedded HTML: infected - 5 skipped C:\WINDOWS\Prairie Wind.bmp:uedrs:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Prairie Wind.bmp:xmnik:$DATA Infected: Trojan-Downloader.Win32.Agent.cd skipped C:\WINDOWS\pss\system.ini.backup:ombus:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q308677.log:iqump:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q308677.log:pdknp:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q323255.log:hehuw:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q323255.log:wozgl:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q330994.exe:vnyws:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q331953.log:nodki:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Q817606.log:tscak:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\REGLOCS.OLD:cbxch:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\Rhododendron.bmp:jqrci:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\River Sumida.bmp:lbspu:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\setdebug.exe:adsgi:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\svcpack.log:smmsk:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\SynCor.exe:sesgx:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\TASKMAN.EXE:cbckc:$DATA Infected: Trojan-Downloader.Win32.Agent.cd skipped C:\WINDOWS\vmmreg32.dll:ljtqf:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\WindowsUpdate.log:htlcu:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\winpz32.dll:mymoo:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped C:\WINDOWS\{6AE3C542-5BBA-45CC-82C8-E6DA3F99439C}.dat:ninjr:$DATA Infected: Trojan-Downloader.Win32.Agent.ap skipped C:\WINDOWS\{F0AB8E0D-81A1-4627-A734-5C24FA694F79}.dat:xgrqb:$DATA Infected: Trojan-Downloader.Win32.Agent.bq skipped Scan process completed. Thanks!

#40 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 18 May 2006 - 08:18 PM

Sorry I was called out of town for work on an emergency. Can I see a new hijackthis log please.

    Advertisements

Register to Remove


#41 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 19 May 2006 - 10:52 PM

Thats ok I understand, you have to put food on the table! Here is a new log. I don't think it is different from the other one!

Logfile of HijackThis v1.99.1
Scan saved at 9:45:30 PM, on 5/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLHOS~1.EXE
C:\Program Files\America Online 9.0a\waol.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brazeal\Application Data\Mozilla\Profiles\default\alhwq5n1.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107146022\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Brazeal"
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {0F2E637F-E3AF-49BB-8BCF-2CFAEDF862EF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ĉu
: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFA4DDA-C9A7-4458-9F28-DD701D193851}: NameServer = 12.127.16.77,12.127.17.77
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#42 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 20 May 2006 - 10:05 AM

Step#1:Restore Deleted System Files

Now we need to see if we need to restore some deleted files:Please check for the following files using the Windows Search Engine:
  • control.exe
  • rundll32.exe
  • wmplayer.exe
  • msconfig.exe
  • notepad.exe
  • shell.dll
  • SDHelper.dll
If any are missing or not working properly then you can download new copies from
Merijn's Files and following the instructions at that site to have them where they belong for your OS.
  • If you are having any difficulty with Notepad, please go to Merijn's Files and choose 'Windows Files' from the menu on the left hand side of the page. Then choose 'Notepad' from the list and download it to C:\Windows and C:\Windows\System32
  • Download the Hoster from here. Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.
  • This infection often deletes some system files that need to be replaced. The most frequent one it deletes is shell.dll in Win2K or XP. In XP there are two copies of this file, one in Windows (WINNT) and one in Windows\System32. It does not delete the one in Windows\System so it does not affect Win9x/ME. If you find it missing, please copy the shell.dll from c:\windows\system32\dllcache into both \Windows (WINNT) and Windows\System32 .
  • The other system file which is most frequently deleted is control.exe. Please check to make sure that you have this file and it is the correct size. If not Please check for the existence of this file by going to to Merijn's Files (sdhelper) and examine where the file should be for your operating system. If the file is missing then download the appropriate file and place it in the proper place according to the information at this website. The control.exe is more often deleted in Win9x/ME.
  • If you have Spybot S&D installed you will also need to replace one file. Go here: Merijn's Files (sdhelper) and download SDHelper.dll. Copy the file to the folder containing you Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button
Step#2:Download CCleaner
  • Download Ccleaner to clean temp files from your computer.
  • Double click on Ccleaner to install the program, with its default settings, selecting language and agreeing to the license agreement.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • Click Options > Advanced and uncheck "Only delete files in Windows Temp folders older than 48 hours".



    Step#3:Complete An Online AntiVirus Scan

    Run an online antivirus scan at:

    Trend Micro-Housecall Online AV

    Reboot



    Step#4:Find the Infected Files On Your Hard Drive
    [list]
  • Navigate to C:\Windows
  • look for files that were created at the approximate time and date as the infection occurred.
  • look for those that end in exe, DAT and DLL and if found, right click on the file and check properties. Legitimate files should be copyrighted by Microsoft
  • if you determine they are bad files, right click on them and choose delete
  • Navigate to C:\Windows\System or C:\Windows\System32 (depending on the OS) and repeat each of the above steps to check for those ending in exe, DAT and/or DLL
  • if the above files will not delete, then make a new folder on your desktop by right clicking on the desktop and choosing New > Folder. Name the folder CWS Files.
  • Move the files from C:\Windows or C:\Windows\System or C:\Windows\system32
    to the new folder CWS Files.
Step#5:Using your Windows CD to replace System Files

** In cases where many system files are missing you have no alternative but to have them insert their Windows OS disk and run sfc /scannow from the Run box if able or from Recovery Console if not able to get into windows[/b]



Step#6:Scan And Post a New HijackThis Log

1. Scan again with HijackThis

2. POST your log file using Add Reply to see what is left to fix.

#43 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 22 May 2006 - 11:52 AM

OK, the scan didn't find anything. I did everything else, here is the log:
Logfile of HijackThis v1.99.1
Scan saved at 10:44:53 AM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLServiceHost.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brazeal\Application Data\Mozilla\Profiles\default\alhwq5n1.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107146022\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Brazeal"
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {0F2E637F-E3AF-49BB-8BCF-2CFAEDF862EF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ĉu
: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFA4DDA-C9A7-4458-9F28-DD701D193851}: NameServer = 12.127.16.77,12.127.17.77
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

#44 Siggyx

Siggyx

    SuperHelper

  • Authentic Member
  • PipPipPipPipPipPip
  • 6,776 posts

Posted 23 May 2006 - 08:09 PM

Ok hopefully we are almost there.

Can you run about:buster again and post the log.

Next

Please download Asquared from the link below.

http://www.emsisoft....tware/download/

Safe it to your desktop. Next open and check for updates.

Boot to safe mode (tap f8 while bios loads)

Then scan your system (this will take some time) after the scan is compelte allow it to fix what it has found. If there is something that it can not clean please let me know what it was.

Then reboot and post a new hijackthis log.

NEXT

Download ATF Cleaner:
http://www.atribune....tent/view/19/2/
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

When done a prompt appears informing of such.

(If you use FireFox or the Opera browser
To keep saved passwords, click No at the prompt.)

Then a reboot and a new hijackthis log and let me know how things are running.

#45 Guest_poporacer_*

Guest_poporacer_*
  • Guests

Posted 24 May 2006 - 11:35 AM

OK. About buster found nothing. Asquared found 3 infected files and was sucessful at deleting them. ATF Cleaner completed fine. Here is my new log:
Logfile of HijackThis v1.99.1
Scan saved at 10:17:52 AM, on 5/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\EAB\EabServr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Cookie Washer\aolwasher.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110714~1\EE\AOLServiceHost.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
C:\Program Files\F-Secure Internet Security\Common\FSMB32.EXE
C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\Program Files\F-Secure Internet Security\Common\FCH32.EXE
C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hjt\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presari...&c=1c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presari...&c=1c02&lc=0409
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
N2 - Netscape 6: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Brazeal\Application Data\Mozilla\Profiles\default\alhwq5n1.slt\prefs.js)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1107146022\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EabServr.exe /Start
O4 - HKLM\..\Run: [Cpqset] c:\compaq\cpqsetup\cpqset.exe
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Cookie Washer\washidx.exe "Brazeal"
O4 - HKCU\..\Run: [ccWasher] C:\Program Files\Cookie Washer\aolwasher.exe /0
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - Global Startup: D-Link AirPlus G Configuration Utility.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Advisor - {0F2E637F-E3AF-49BB-8BCF-2CFAEDF862EF} - C:\Program Files\COMPAQ\Compaq Advisor\bin\rbaLauncher.exe (file missing) (HKCU)
O10 - Broken Internet access because of LSP provider 'connwsp.dll' missing
O12 - Plugin for .avi: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for ¸ĉu
: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin2.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=1c02&lc=0409
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} (AOL Content Update) - http://esupport.aol....oach_core_1.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0EFA4DDA-C9A7-4458-9F28-DD701D193851}: NameServer = 12.127.16.77,12.127.17.77
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Program Files\F-Secure Internet Security\Common\FSMA32.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks again!

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users