My Hijack log...help me please


  • This topic is locked
17 replies to this topic

#1 asat00

Posted 22 February 2007 - 11:22 PM

I have Windows XP. After login, it takes a couple of minutes for it to idle down to a point that I can use anything. First of all, upon login, My Documents automatically opens, as does my ATI video card menu. These items MUST be closed for anything else to be functional. After I close these 2 items, the computer seems to take another 30 seconds or so for the memory to slow down to a point where I can click on anything. I also have another problem where my system shuts down periodically and "dumps physical memory to disk" with dumprep.exe. Of course at this point I am at a blue screen watching it count up to 100% of my memory being dumped before the system goes through a total reboot.

Here is my Hijack log.............and here is my frustration :(

Logfile of HijackThis v1.99.1
Scan saved at 2:31:50 AM, on 2/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\POS\Desktop\HijackThis.exe
C:\WINDOWS\system32\notepad.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: Class - {3E7061C4-43FC-71F4-46DC-05A0D8524F6C} - C:\WINDOWS\system32\appms.dll (file missing)
O2 - BHO: Class - {6A0E994E-4480-E395-A686-B7DA759397C2} - C:\WINDOWS\system32\javavk.dll (file missing)
O2 - BHO: Class - {95965495-1470-4C61-CFC6-92CC68BB586B} - C:\WINDOWS\apixo.dll (file missing)
O2 - BHO: Class - {9AF830EE-B4FC-5AE7-09FD-EE99691152F9} - C:\WINDOWS\d3mz32.dll (file missing)
O2 - BHO: Class - {A242E683-72B0-E8A6-630D-7874F7A00AAC} - C:\WINDOWS\system32\atlmu32.dll (file missing)
O2 - BHO: Class - {AEA2292E-DF45-792C-43F0-55DA48450852} - C:\WINDOWS\syskg32.dll (file missing)
O2 - BHO: Class - {B0367C2E-B56C-E211-63D0-EFD035F6EADF} - C:\WINDOWS\system32\ntdc32.dll (file missing)
O2 - BHO: Class - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\WINDOWS\javasb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C3D292B4-683A-18D1-852B-943823CD81BF} - C:\WINDOWS\iphp32.dll (file missing)
O2 - BHO: Class - {E350DCDC-9A76-985D-AE90-CDD6F5D74D1C} - C:\WINDOWS\javaat32.dll (file missing)
O2 - BHO: Class - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - C:\WINDOWS\system32\windv32.dll (file missing)
O2 - BHO: Class - {E6A5DEB6-DFBB-FF53-9851-961BC9F9B592} - C:\WINDOWS\system32\crfo.dll (file missing)
O2 - BHO: Class - {E8A46B07-DD84-7F8E-270C-FF55E437585C} - C:\WINDOWS\ntdr.dll (file missing)
O2 - BHO: Class - {FEB83F4D-CC42-5BB2-2F5F-FF52E5B474D5} - C:\WINDOWS\crwq32.dll (file missing)
O2 - BHO: Class - {FF44CFF2-75F6-EC14-97CF-F61DFA427C09} - C:\WINDOWS\d3si32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [d3ye.exe] C:\WINDOWS\d3ye.exe
O4 - HKLM\..\Run: [ipea.exe] C:\WINDOWS\ipea.exe
O4 - HKLM\..\Run: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\Run: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\Run: [apina32.exe] C:\WINDOWS\apina32.exe
O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atloi.exe] C:\WINDOWS\atloi.exe
O4 - HKLM\..\Run: [apixb32.exe] C:\WINDOWS\system32\apixb32.exe
O4 - HKLM\..\Run: [sysqi32.exe] C:\WINDOWS\sysqi32.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\d3yj.exe
O4 - HKLM\..\Run: [iezc32.exe] C:\WINDOWS\iezc32.exe
O4 - HKLM\..\Run: [netdh32.exe] C:\WINDOWS\netdh32.exe
O4 - HKLM\..\Run: [ipqo32.exe] C:\WINDOWS\ipqo32.exe
O4 - HKLM\..\Run: [wingc32.exe] C:\WINDOWS\system32\wingc32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinside...ge/TSAEButn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130568272023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)
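
Added example, not part of the original posts and not HijackThis's own logic: a small Python triage pass over a HijackThis log like the one posted above. The sample lines are copied from that log; the three flags (`file-missing`, `bho-generic-name`, `run-name-is-filename`) are review heuristics assumed here, not the helper's diagnosis, and a flagged line still needs a human decision.

```python
import ntpath
import re
from collections import Counter

# A few lines copied from the HijackThis log in the post above (not the full log).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
C:\WINDOWS\System32\smss.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O4 - HKLM\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# O2: "BHO: <display name> - {CLSID} - <dll path>"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
# O4 (registry form): "HKLM\..\Run: [value name] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Executable at the start of a command line, quoted or not.
EXE_RE = re.compile(r'^"?(?P<exe>[A-Za-z]:\\.+?\.exe)', re.IGNORECASE)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


def flags_for(code, body):
    """Return the review flags (assumed heuristics) that apply to one entry."""
    flags = []
    # HijackThis appends this marker when the referenced file is not on disk.
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    if code == "O2":
        m = BHO_RE.match(body)
        # A browser helper object registered with no product name, only "Class".
        if m and m.group("name").strip() == "Class":
            flags.append("bho-generic-name")
    elif code == "O4":
        m = RUN_RE.match(body)
        exe = EXE_RE.match(m.group("cmd")) if m else None
        if exe:
            path = exe.group("exe").lower()
            # Autorun value named after its own file, sitting directly in a
            # Windows system directory. Name-based only, so it marks entries
            # for review rather than deciding anything about them.
            if (ntpath.basename(path) == m.group("name").lower()
                    and ntpath.dirname(path) in SYSTEM_DIRS):
                flags.append("run-name-is-filename")
    return flags


def triage(log_text):
    """Parse numbered HijackThis entries; skip header and process-list lines."""
    results = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        results.append({"code": code, "body": body, "flags": flags_for(code, body)})
    return results


def summarize(results):
    """Count how often each flag fired across the parsed entries."""
    return Counter(flag for r in results for flag in r["flags"])


if __name__ == "__main__":
    for entry in triage(SAMPLE_LOG):
        if entry["flags"]:
            print(f'{entry["code"]:>3} {", ".join(entry["flags"]):<35} {entry["body"]}')
```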


#2 dan12

Posted 23 February 2007 - 06:07 AM

Hi asat00 and welcome to Tom Coyote forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
dan

#3 dan12

Posted 23 February 2007 - 07:47 AM

Hi asat00

We need to put HJT into a permanent folder.

Create a folder on the desktop: right click on the desktop, choose New, then Folder, and name it HJT. Now locate HijackThis.exe, copy it, and paste it into the folder you created on the desktop.
The reason I ask for this is that unless HJT is in its own folder it will not make backups, and should things not go the way we want them to, we will be able to return to a point where we can start again.
_____________________________

You'll need to disable Norton script blocking so that it will not interfere with the fixes:

To disable Norton Script Blocking:

Click Start>Run, type in services.msc and hit enter.

From the list find ScriptBlocking Service and right click on it... choose properties. Stop the service and change the Startup to Disabled for now and exit the services console.

You can re-enable them once the system is clean.

___________________

Download AboutBuster:

http://www.besttechi...AboutBuster.zip
http://www.malwareby...AboutBuster.zip

Once downloaded, unzip it, and put the folder on your desktop. Then double-click on the AboutBuster icon to start the program.

Next, click Begin Removal.

When the scan is done, click Ok.

After you click Ok, you should follow the protection tab and install FireFox and SpywareBlaster. To learn how to install them, click Protection.

Click Install FireFox to install the free alternative browser.

After you install FireFox, make sure you install SpywareBlaster; to do that, click Install SpywareBlaster.

After you're done installing SpywareBlaster, click Exit.

After you click Exit, a dialog box will pop up; click Ok.

Then be sure to post a brand new HijackThis log along with the AboutBuster log.

Thanks dan

#4 asat00

Posted 24 February 2007 - 01:54 AM

Here is the new information. I have installed Firefox and SpywareBlaster but have not run either as it was not in the instructions. I will be patiently awaiting a reply and thanks again for taking my case.

Logfile of HijackThis v1.99.1
Scan saved at 1:51:38 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\POS\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: Class - {3E7061C4-43FC-71F4-46DC-05A0D8524F6C} - C:\WINDOWS\system32\appms.dll (file missing)
O2 - BHO: Class - {6A0E994E-4480-E395-A686-B7DA759397C2} - C:\WINDOWS\system32\javavk.dll (file missing)
O2 - BHO: Class - {95965495-1470-4C61-CFC6-92CC68BB586B} - C:\WINDOWS\apixo.dll (file missing)
O2 - BHO: Class - {9AF830EE-B4FC-5AE7-09FD-EE99691152F9} - C:\WINDOWS\d3mz32.dll (file missing)
O2 - BHO: Class - {A242E683-72B0-E8A6-630D-7874F7A00AAC} - C:\WINDOWS\system32\atlmu32.dll (file missing)
O2 - BHO: Class - {AEA2292E-DF45-792C-43F0-55DA48450852} - C:\WINDOWS\syskg32.dll (file missing)
O2 - BHO: Class - {B0367C2E-B56C-E211-63D0-EFD035F6EADF} - C:\WINDOWS\system32\ntdc32.dll (file missing)
O2 - BHO: Class - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\WINDOWS\javasb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C3D292B4-683A-18D1-852B-943823CD81BF} - C:\WINDOWS\iphp32.dll (file missing)
O2 - BHO: Class - {E350DCDC-9A76-985D-AE90-CDD6F5D74D1C} - C:\WINDOWS\javaat32.dll (file missing)
O2 - BHO: Class - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - C:\WINDOWS\system32\windv32.dll (file missing)
O2 - BHO: Class - {E6A5DEB6-DFBB-FF53-9851-961BC9F9B592} - C:\WINDOWS\system32\crfo.dll (file missing)
O2 - BHO: Class - {E8A46B07-DD84-7F8E-270C-FF55E437585C} - C:\WINDOWS\ntdr.dll (file missing)
O2 - BHO: Class - {FEB83F4D-CC42-5BB2-2F5F-FF52E5B474D5} - C:\WINDOWS\crwq32.dll (file missing)
O2 - BHO: Class - {FF44CFF2-75F6-EC14-97CF-F61DFA427C09} - C:\WINDOWS\d3si32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [d3ye.exe] C:\WINDOWS\d3ye.exe
O4 - HKLM\..\Run: [ipea.exe] C:\WINDOWS\ipea.exe
O4 - HKLM\..\Run: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\Run: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\Run: [apina32.exe] C:\WINDOWS\apina32.exe
O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atloi.exe] C:\WINDOWS\atloi.exe
O4 - HKLM\..\Run: [apixb32.exe] C:\WINDOWS\system32\apixb32.exe
O4 - HKLM\..\Run: [sysqi32.exe] C:\WINDOWS\sysqi32.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\d3yj.exe
O4 - HKLM\..\Run: [iezc32.exe] C:\WINDOWS\iezc32.exe
O4 - HKLM\..\Run: [netdh32.exe] C:\WINDOWS\netdh32.exe
O4 - HKLM\..\Run: [ipqo32.exe] C:\WINDOWS\ipqo32.exe
O4 - HKLM\..\Run: [wingc32.exe] C:\WINDOWS\system32\wingc32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinside...ge/TSAEButn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130568272023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)

AboutBuster 6.05
Scan started on [2/24/2007] at [12:55:53 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
Removed Temp Files
Internet Explorer Settings Reset!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:00:27 AM


AboutBuster 6.05
Scan started on [2/24/2007] at [1:01:52 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:02:58 AM


AboutBuster 6.05
Scan started on [2/24/2007] at [1:39:58 AM]
-------------------------------------------------------------
Internet Explorer Instances Terminated!
HomeSearch Service stopped if present
-------------------------------------------------------------
Streams(ADS) not scanned: System not NTFS
-------------------------------------------------------------
No Files Found!
-------------------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 1:41:03 AM

#5 dan12

Posted 24 February 2007 - 12:40 PM

Hi, asat00, shouldn't keep you too much longer, had a few files to sort out for deletion. dan

#6 dan12

Posted 24 February 2007 - 12:50 PM

Hi asat00

Can you create a folder on the desktop and name it "HJT". Find "HijackThis.exe" and copy and paste it into the new folder "HJT".
We do this in case we need a backup, only it has to have its own folder.
Do this before carrying on with the fix!
_____________________________

Download ATF Cleaner by Atribune and save it to your Desktop.
Do not use yet!

Ewido is now known as AVG Anti-Spyware.

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Don't use yet!
________________________

We need to reveal system folders
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press Apply and then the OK button, and shut down My Computer
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see appropriate files we need to Show Hidden Files
Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight
  • Select the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE
Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: Class - {3E7061C4-43FC-71F4-46DC-05A0D8524F6C} - C:\WINDOWS\system32\appms.dll (file missing)
O2 - BHO: Class - {6A0E994E-4480-E395-A686-B7DA759397C2} - C:\WINDOWS\system32\javavk.dll (file missing)
O2 - BHO: Class - {95965495-1470-4C61-CFC6-92CC68BB586B} - C:\WINDOWS\apixo.dll (file missing)
O2 - BHO: Class - {9AF830EE-B4FC-5AE7-09FD-EE99691152F9} - C:\WINDOWS\d3mz32.dll (file missing)
O2 - BHO: Class - {A242E683-72B0-E8A6-630D-7874F7A00AAC} - C:\WINDOWS\system32\atlmu32.dll (file missing)
O2 - BHO: Class - {AEA2292E-DF45-792C-43F0-55DA48450852} - C:\WINDOWS\syskg32.dll (file missing)
O2 - BHO: Class - {B0367C2E-B56C-E211-63D0-EFD035F6EADF} - C:\WINDOWS\system32\ntdc32.dll (file missing)
O2 - BHO: Class - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\WINDOWS\javasb.dll (file missing)
O2 - BHO: Class - {C3D292B4-683A-18D1-852B-943823CD81BF} - C:\WINDOWS\iphp32.dll (file missing)
O2 - BHO: Class - {E350DCDC-9A76-985D-AE90-CDD6F5D74D1C} - C:\WINDOWS\javaat32.dll (file missing)
O2 - BHO: Class - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - C:\WINDOWS\system32\windv32.dll (file missing)
O2 - BHO: Class - {E6A5DEB6-DFBB-FF53-9851-961BC9F9B592} - C:\WINDOWS\system32\crfo.dll (file missing)
O2 - BHO: Class - {E8A46B07-DD84-7F8E-270C-FF55E437585C} - C:\WINDOWS\ntdr.dll (file missing)
O2 - BHO: Class - {FEB83F4D-CC42-5BB2-2F5F-FF52E5B474D5} - C:\WINDOWS\crwq32.dll (file missing)
O2 - BHO: Class - {FF44CFF2-75F6-EC14-97CF-F61DFA427C09} - C:\WINDOWS\d3si32.dll (file missing)
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [d3ye.exe] C:\WINDOWS\d3ye.exe
O4 - HKLM\..\Run: [ipea.exe] C:\WINDOWS\ipea.exe
O4 - HKLM\..\Run: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\Run: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\Run: [apina32.exe] C:\WINDOWS\apina32.exe
O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
O4 - HKLM\..\Run: [atloi.exe] C:\WINDOWS\atloi.exe
O4 - HKLM\..\Run: [apixb32.exe] C:\WINDOWS\system32\apixb32.exe
O4 - HKLM\..\Run: [sysqi32.exe] C:\WINDOWS\sysqi32.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\d3yj.exe
O4 - HKLM\..\Run: [iezc32.exe] C:\WINDOWS\iezc32.exe
O4 - HKLM\..\Run: [netdh32.exe] C:\WINDOWS\netdh32.exe
O4 - HKLM\..\Run: [ipqo32.exe] C:\WINDOWS\ipqo32.exe
O4 - HKLM\..\Run: [wingc32.exe] C:\WINDOWS\system32\wingc32.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinside...ge/TSAEButn.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab

WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Right click Start. In the drop-down menu click "Explore", then navigate to each file/folder in the left-hand pane, which will reveal its content in the right-hand pane. Highlight the file or folder, right click and Delete, if present:

C:\WINDOWS\system32\wingc32.exe << This file
C:\WINDOWS\ipqo32.exe << This file
C:\WINDOWS\netdh32.exe << This file
C:\WINDOWS\iezc32.exe << This file
C:\WINDOWS\d3yj.exe << This file
C:\WINDOWS\sysqi32.exe << This file
C:\WINDOWS\system32\apixb32.exe << This file
C:\WINDOWS\atloi.exe << This file
C:\WINDOWS\atlpo.exe << This file
C:\WINDOWS\apina32.exe << This file
C:\WINDOWS\system32\iemq32.exe << This file
C:\WINDOWS\system32\msoq32.exe << This file
C:\WINDOWS\ipea.exe << This file
C:\WINDOWS\d3ye.exe << This file
C:\WINDOWS\apimw32.exe << This file
C:\WINDOWS\d3si32.dll << This file
C:\WINDOWS\crwq32.dll << This file
C:\WINDOWS\ntdr.dll << This file
C:\WINDOWS\system32\crfo.dll << This file
C:\WINDOWS\system32\windv32.dll << This file
C:\WINDOWS\javaat32.dll << This file
C:\WINDOWS\iphp32.dll << This file
C:\WINDOWS\javasb.dll << This file
C:\WINDOWS\system32\ntdc32.dll << This file
C:\WINDOWS\syskg32.dll << This file
C:\WINDOWS\system32\atlmu32.dll << This file
C:\WINDOWS\d3mz32.dll << This file
C:\WINDOWS\apixo.dll << This file
C:\WINDOWS\system32\javavk.dll << This file
C:\WINDOWS\system32\appms.dll << This file
C:\WINDOWS\addji32.dll << This file
____________________

Run ATF cleaner
  • Double click ATF-Cleaner.exe to run the program.
  • Check the following boxes:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Recycle Bin
    • Java Cache
  • The rest are optional - if you want to remove the lot, check Select All.
  • Now click Empty Selected.
  • When you get the Done Cleaning message, click OK.
  • If you use Firefox browser.
    • Click Firefox at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.
  • If you use Opera browser.
    • Click Opera at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.

Run AVG Anti-Spyware

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

Please include the new HJT log and the AVG Anti-Spyware log in your next post.
Thanks, dan
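Added example (not part of dan12's post and not HijackThis's own logic): a small Python parser for the HijackThis line format seen in this thread. It lists O2 and O4 entries for manual review using two heuristics that are assumptions of this example: a BHO registered under the bare name "Class" whose file is missing, and a Run value named after its own executable sitting directly in C:\WINDOWS or system32. `Finding`, `executable_of` and `triage` are hypothetical names.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional

# A few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [wingc32.exe] C:\WINDOWS\system32\wingc32.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
"""

# "<section> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command"
SECTION_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<rest>.+)$")
# "BHO: <name> - {CLSID} - <path>[ (file missing)]"
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$"
)
# "HKLM\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<value>[^\]]+)\] (?P<command>.+)$"
)
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32"}


class Finding(NamedTuple):
    section: str
    target: str
    reason: str


def executable_of(command: str) -> str:
    """Return the executable path from a Run command line (quoted or not)."""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end != -1 else command[1:]
    # Unquoted paths may contain spaces, so cut at the first ".exe".
    m = re.match(r"(.+?\.exe)\b", command, re.IGNORECASE)
    return m.group(1) if m else command


def check_bho(rest: str) -> Optional[Finding]:
    m = BHO_RE.match(rest)
    if not m:
        return None
    # Heuristic (assumption): no descriptive name and the DLL is gone.
    if m.group("name") == "Class" and m.group("missing"):
        return Finding("O2", m.group("path"), "generic BHO name, file missing")
    return None


def check_run(rest: str) -> Optional[Finding]:
    m = RUN_RE.match(rest)
    if not m:
        return None
    exe = executable_of(m.group("command"))
    # ntpath parses Windows paths correctly on any host OS.
    same_name = m.group("value").lower() == ntpath.basename(exe).lower()
    in_sysdir = ntpath.dirname(exe).lower() in SYSTEM_DIRS
    # Heuristic (assumption): value named after its own .exe in a system dir.
    if same_name and in_sysdir:
        return Finding("O4", exe, "Run value named after its own executable")
    return None


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a manual look; these are candidates, not verdicts."""
    findings = []
    for raw in log_text.splitlines():
        m = SECTION_RE.match(raw.strip())
        if not m:
            continue
        section, rest = m.group("section"), m.group("rest")
        if section == "O2":
            found = check_bho(rest)
        elif section == "O4":
            found = check_run(rest)
        else:
            found = None
        if found:
            findings.append(found)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}  {f.target}  ({f.reason})")
```
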

#7 asat00

Posted 25 February 2007 - 12:03 AM

I have followed your instructions verbatim. What's next? Here's both log files that you have requested.

Logfile of HijackThis v1.99.1
Scan saved at 1:51:38 AM, on 2/24/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\POS\Desktop\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {09419588-4A35-B532-FA96-5DD0086ED758} - C:\WINDOWS\addji32.dll (file missing)
O2 - BHO: Class - {3E7061C4-43FC-71F4-46DC-05A0D8524F6C} - C:\WINDOWS\system32\appms.dll (file missing)
O2 - BHO: Class - {6A0E994E-4480-E395-A686-B7DA759397C2} - C:\WINDOWS\system32\javavk.dll (file missing)
O2 - BHO: Class - {95965495-1470-4C61-CFC6-92CC68BB586B} - C:\WINDOWS\apixo.dll (file missing)
O2 - BHO: Class - {9AF830EE-B4FC-5AE7-09FD-EE99691152F9} - C:\WINDOWS\d3mz32.dll (file missing)
O2 - BHO: Class - {A242E683-72B0-E8A6-630D-7874F7A00AAC} - C:\WINDOWS\system32\atlmu32.dll (file missing)
O2 - BHO: Class - {AEA2292E-DF45-792C-43F0-55DA48450852} - C:\WINDOWS\syskg32.dll (file missing)
O2 - BHO: Class - {B0367C2E-B56C-E211-63D0-EFD035F6EADF} - C:\WINDOWS\system32\ntdc32.dll (file missing)
O2 - BHO: Class - {BA97183C-849F-18AC-10FF-F7B7B52D6B07} - C:\WINDOWS\javasb.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {C3D292B4-683A-18D1-852B-943823CD81BF} - C:\WINDOWS\iphp32.dll (file missing)
O2 - BHO: Class - {E350DCDC-9A76-985D-AE90-CDD6F5D74D1C} - C:\WINDOWS\javaat32.dll (file missing)
O2 - BHO: Class - {E6793744-4C7D-13BC-5DB0-7657683A0CE5} - C:\WINDOWS\system32\windv32.dll (file missing)
O2 - BHO: Class - {E6A5DEB6-DFBB-FF53-9851-961BC9F9B592} - C:\WINDOWS\system32\crfo.dll (file missing)
O2 - BHO: Class - {E8A46B07-DD84-7F8E-270C-FF55E437585C} - C:\WINDOWS\ntdr.dll (file missing)
O2 - BHO: Class - {FEB83F4D-CC42-5BB2-2F5F-FF52E5B474D5} - C:\WINDOWS\crwq32.dll (file missing)
O2 - BHO: Class - {FF44CFF2-75F6-EC14-97CF-F61DFA427C09} - C:\WINDOWS\d3si32.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [apimw32.exe] C:\WINDOWS\apimw32.exe
O4 - HKLM\..\Run: [d3ye.exe] C:\WINDOWS\d3ye.exe
O4 - HKLM\..\Run: [ipea.exe] C:\WINDOWS\ipea.exe
O4 - HKLM\..\Run: [msoq32.exe] C:\WINDOWS\system32\msoq32.exe
O4 - HKLM\..\Run: [iemq32.exe] C:\WINDOWS\system32\iemq32.exe
O4 - HKLM\..\Run: [apina32.exe] C:\WINDOWS\apina32.exe
O4 - HKLM\..\Run: [atlpo.exe] C:\WINDOWS\atlpo.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [atloi.exe] C:\WINDOWS\atloi.exe
O4 - HKLM\..\Run: [apixb32.exe] C:\WINDOWS\system32\apixb32.exe
O4 - HKLM\..\Run: [sysqi32.exe] C:\WINDOWS\sysqi32.exe
O4 - HKLM\..\Run: [d3yj.exe] C:\WINDOWS\d3yj.exe
O4 - HKLM\..\Run: [iezc32.exe] C:\WINDOWS\iezc32.exe
O4 - HKLM\..\Run: [netdh32.exe] C:\WINDOWS\netdh32.exe
O4 - HKLM\..\Run: [ipqo32.exe] C:\WINDOWS\ipqo32.exe
O4 - HKLM\..\Run: [wingc32.exe] C:\WINDOWS\system32\wingc32.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/...UI.cab46479.cab
O16 - DPF: {0AA2D4B3-27C3-42CB-B671-8B6CF97AE4FE} (TSAEButton Class) - https://www.cwinside...ge/TSAEButn.cab
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {4FAE30E1-EE9C-477D-8D06-BF8D3429B60F} (WebIQ Technology Client) - http://webiq001.webi...Q/bin/WebIQ.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130568272023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 11:51:57 PM 2/24/2007

+ Scan result:



C:\Documents and Settings\POS\Application Data\Casino.exe -> Adware.Casino : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1EB7AD4B-3508-7A5B-14CF-9AD59844A6BC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{1F246984-4C70-58A7-8F52-49079121EF47} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2005B9B5-C183-DBA7-D764-F4CD01F0DAA3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{21E654F5-CF30-4A95-C97F-98763D1324F9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{22BF9CFD-BC21-2C25-35F3-9EFED9FD26C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{24A21166-E0B9-9BB7-8A9C-DD4F05B5207A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2538EAC6-ED02-4856-02AA-04BFA5E633F7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25713B9E-3A18-4906-71FE-9FE3C5B4B02A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{25901F49-AB9D-2865-1DD3-8ECE5EAAD128} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2627C43B-FB1D-F815-04DA-3D4D787AEB82} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{264D7706-46BC-1C89-7DC5-AC71424D3C22} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{26F53C99-0B61-4FB0-4D4A-515CE2A6A5F0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2755BC00-486A-F461-9A67-46C97AEAEE96} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2815DA3C-D289-035A-9DB6-347CF0FD05E7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2822C00C-CF0F-0B42-899D-E9566314265A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2A67970B-4CAA-474C-81A3-091789DA44E2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2AC8D347-7401-E1DD-F447-BA69B1A171C5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2B7E95AD-F49A-B2B2-7702-10D4ABFF9B32} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2BFABD26-10E5-0CDD-D64A-C70BA8BD8E84} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2C3B82F9-8957-B27D-C371-5070E7E07D84} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2DD82132-7F0B-C9AC-510E-D7AC82ADF83B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{2FB2AF82-A6CB-27AE-14B6-70AF241F452D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{31504A42-7F23-2B60-97E8-0A7435E36855} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{31550CF5-C2D4-78A2-AF9F-D01F497AEAF3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{32FDEE89-3D00-0142-A0FE-63A0ED9E1F3C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{349E1E95-2B1A-6197-C0B2-772F2AD2A94E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{35E653B9-0A5B-823F-60FD-264CBA397F4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{35E744B0-CC4E-AEBB-CF56-81D35094EE43} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{36827B93-DAA3-1487-F8BB-4B7DB33C50AF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3684CC39-B02B-AEC4-C91C-A50E4E18F389} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{36E15370-5FD0-D1EC-3368-C6A73C8F506F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38EB7DA0-52FB-AADA-9FBF-2A397DD19AA1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{38EE9684-D257-A538-1F82-16D8794C8BD7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{39652FC9-57E8-9F1F-F728-8F55D9E5F49F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3A0CBAB9-F454-BEDE-BCAD-C655C43F49CF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3A2045BF-D096-E7E4-A6C5-5AEB9397B93A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C1758F7-D8DC-E38C-1C12-C2E46173BFF8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3C4AC4EC-FE88-B619-D551-78D33D1F43F7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3D3177E3-B283-0367-5485-9DB32FC7FD05} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3EAB92D7-A0DD-E8A5-8CA0-C36AA7566EC4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{3F1BB4CB-FD6D-A0D8-C38F-183CE033C2DA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{410DA365-EB6E-E2C1-2CC7-3C18259932B0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4197FF54-5C18-A7E5-9CC3-32130092E2A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{41D03FC6-E713-D657-C73A-B846254D0077} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{42DE119E-AE63-2908-88E0-D7B611D264A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4516ED6C-8451-CE75-8028-102D999C00AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{49E3D1A0-374F-944D-08B1-680F990779E0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4C928477-3A6D-F1DD-A78A-1F75F7C46F82} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4CB9FE89-C678-F47B-2F95-B7988A0FC10D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4D567ABA-C061-F0F9-6007-B9B4A96FB412} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{4F766EC4-211C-AC42-9FA4-99E5B875A4CF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{51367E92-AA2E-16A5-49FF-93BFC70C151B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5376C008-43E9-B01E-C70A-C935910F0FD2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{551461B1-5C38-24A7-3B81-7F0347BA8044} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55BE37F8-1985-13E8-CD9B-5D824C0086C6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{55FF138B-75CF-C09E-5E79-49F7277CDB38} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56A37299-F520-CFC4-E8A8-C5D1F6A22788} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{56F16B37-AA14-CDB1-B756-942866985F16} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{57EFD24A-2070-3EB7-6F3B-2B33C71B8605} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5963141A-2623-5A16-4284-5845594CADCA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5A3D985D-E7F0-92FD-318F-8930CFEB6D7E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5A49F01C-DB30-2CD9-94E1-9A1EE41E9E0A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AADBEE3-89AA-2B28-5FA2-418CA5491E4C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5AD1C8F8-A89B-7AC1-A165-9D86BEDAA202} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5B52EF97-ABD3-9E08-6196-8F72B312FA3A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5BCC6952-A400-DA5E-2572-D68C74339A1B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C19DA3A-627A-8F16-BA65-30D8566CB9E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C41979E-0C08-52D9-D1AE-1F0F1035ABB0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5C74F9CB-19A6-7A1A-EAF6-EB84A7061D05} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5D05DF96-D875-77AB-A229-43E7371F233E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5DBD25EB-EA8A-07D7-E366-2146A2ECD99B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E402D9E-4623-93B0-B226-EDA3D4E1E962} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E42E71F-1508-1D07-6338-29CE7B59941D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E722A74-0920-3FBA-12CA-CC2D54655906} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5E880ABF-397E-7169-9342-D26277AB758A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5EBA8955-B344-15FE-33C5-FBCADFC86742} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{5FF7BB31-38C8-9368-5FEE-A72B4BCC8B6A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6058A6AF-A24B-BA66-E865-DC92A6952B33} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6462B7E5-E422-0639-EC39-22B58C37367A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65515E86-744B-E7DC-1764-BE40FD487890} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65660431-63F5-78A1-8F20-B1F52EFEC50D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{65D9A653-FEE7-1F32-CC4D-FA547CDA683C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6769A68F-F4A7-04D1-E08A-2820359D21AE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68539715-68F4-3736-04EE-20283B9FB26D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68761BB0-227A-2D65-AE4D-75AF58D02CC6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{68E92B54-ADD4-D064-F2B8-7E97D513A494} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6982F8EB-30D8-8961-789D-1F285B499CAE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{69B1C997-149F-3393-77EE-3E7CC486A5F1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A3BB01D-5411-3AF3-1EF2-EC21C6B41EAD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6A461932-197E-A80D-B541-F0F0D6F9CEBA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6BEFD4B0-C0B5-475A-EEFC-3C81D2C22E10} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6C2A592C-2CEB-91F6-ABFC-8A6CAA196309} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6C99280C-4B42-597B-BF9C-421EE5B510FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6CBB3396-8A31-08CB-7CEA-C211D4BCA22B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D33AC15-1E7C-6792-3A0F-7F24E39ABC19} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D407D80-AC38-661F-3676-30853AE56572} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6D782F8C-5DE2-3548-935C-FEBC16AA150D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6E0601E7-EB0E-50E7-CC2C-5FF9B504B11B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6E3BDCC0-A228-DCB8-7E88-ECF18F0D9B1C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6ECE769B-2D3C-88D4-F30D-E4D2878957F1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F463FF9-350F-E2E5-5AC7-B1F7644B24D7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{6F7408EF-74FB-6985-7708-21C38BE457B2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7088E183-99D9-0B62-5F0D-9852B624FA9A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{71213EAB-AAF4-E61B-98B3-D9049B7ADFEE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{73374308-91E6-5E66-411F-8EDBA399652C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7369E702-7B86-0B57-D101-8BCC1671DEFE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{759118BB-AC07-5964-50D8-10B5ADE220AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{759EE675-E6A9-86F9-750B-6F9D78BD7C3B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75BB4F6B-5C13-57AB-D6BE-6255AE9F8D33} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{75C418BE-B320-78B0-1D35-5EA0E460E091} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{77115206-4277-3228-99E2-2B93995F46A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7712FA8E-35A0-B2CF-ECDA-F2AEB55869AB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{793213B8-A74C-2C0F-94D1-DD4AC65FBE45} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{793699E0-D730-8772-E455-586B27DEE4F5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7A94F8C4-588B-902A-6FE2-0DC00939927E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AADB064-A5E8-89CE-8C2D-97FBBFCEDB99} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7AEF1698-E8CD-4535-C196-EAEADE211A17} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7B655A30-5180-F198-BCAB-626D2B5A22CD} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7BB26EC6-486C-3D35-E619-393731180E70} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7DD85366-D791-988B-E591-E8766F46FA72} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{7FDF80D6-8DD1-87AC-455C-99F26D3210FB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{800DD44A-1A43-4B30-5E8B-4B4290DD31A1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{805B5372-5E8D-06EA-8F76-4E177E2F0426} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{80E8CD34-35DC-961E-EADE-11A17381D170} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{81DE9EF1-9091-D3E5-B58C-E083B9CEB6D3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{82572E21-08A5-49D2-F668-E0A674D62633} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{825BF029-3C62-6A52-430D-BA42846F1741} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{834B70C4-08A7-7082-A675-EFDC4D348484} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{846F9A8E-E7DB-6F52-C00E-3F1ED8F8566C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84726F98-05BE-A8F9-2D6E-FA2D7F559343} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{847907AA-D27C-81A4-837E-DA4770C0C391} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{84C0F02B-6633-E1F2-AEAB-B7E959784788} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{871E5A19-66EB-CF29-CC81-77FC95375D97} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{874EF24A-B4A2-BCC9-AF32-1C5D6A1522B7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{87993483-A3AD-794F-F265-DD005BD9116B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88D23398-80FD-CCFF-2845-80C3E94F818D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{88D6255D-0E68-0875-2FBD-70E7E2C92CE7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BCC463E-389A-AC36-B7B5-0B7AF0E04FD4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8BFBE47C-7E89-697A-150F-92CDE2CC4014} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8D4FBE2D-404E-877D-0359-34F79402CC75} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8DED84AD-BB1F-9368-1990-BB8743516D63} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8E0B929C-BD26-1EC1-6F48-E2127DBFF8F2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{8EDA2BD3-6A45-E3A2-BF45-6B2B79D7BCFF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9066F229-F7AF-E70B-FF84-8167AE9683C7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{90850E40-FE23-831C-A709-EC44CAEAE708} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{90BABD6B-DA3D-2814-4B15-345BCAAC2F67} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9101E79D-A1A7-196F-75D9-D469880131A5} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{910C0916-F0CB-AF9F-5171-D6E388933C0A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{920B6A4A-446E-7C07-3F02-19E653897E63} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{933BFF75-7C0C-D7AC-9322-EB6F8F00CFAE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{933D30C5-9078-8EAC-2095-31F02FC90427} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9349E2D9-9792-5461-B625-11C9885773A4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{93521C51-4232-32FF-DA2E-3017880E087B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{96F47AAF-D627-4543-7963-7E1F138D28BF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{977907C4-FEB4-AC8C-7FEA-8B1DE9098D54} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{987B8229-55C1-631B-7094-093741C88E5A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{99078794-6831-1765-763B-9566D3697899} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9AE8676B-FF71-6D02-4787-3721FF3B52A6} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9D9CB61B-156B-3C2C-B9AB-BCB95AA0D47C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9DBEE8BB-183E-C5DF-4EAC-83ACE1F34A8B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9E3985CC-E6F5-05DD-8AE5-515FD564D740} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{9F0091E8-2E44-38C9-5B56-E5DFEE402CBE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A1A0A8B0-1426-AEE6-1AF3-A0AEC3BAA6FA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A28BEDD7-6E0C-1204-7896-1396F9B1BBF9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A2E2EDE4-E2D3-F3DF-1F23-8C3BEE10E0AA} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A3B6E927-009C-404E-A6EF-F785483988BC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A3E707C2-B3DE-8848-2003-927A1A66672A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A49D52A9-DE08-47DE-6764-86D278A7683C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A509FBA3-878A-C3A5-877D-BD1BD48538C9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A516A509-5152-E8CE-BB30-277B84941D4F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A5EA1A54-9813-E2F0-7EEF-4DA8EC0D0623} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A6070790-907B-35E6-CC6A-0313881F7970} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A63C74F8-0DBF-3CFE-27F1-83B90588A4CF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A7282035-D21A-406F-F9D7-CBB7C3A1B094} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8CD2C0C-25C2-5907-83BA-410B411C8FA3} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{A8EF15EB-C199-52DA-C71D-992B49FD321E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA0A9B7C-1E92-535C-0904-539590028603} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AA6F9854-E7A9-2FA2-2605-600B5705C69D} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AAF4C942-94DA-8817-BA75-2BF770873509} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{ABD7967C-3F51-655C-C22D-34A94C9679EE} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AEEB8E59-9B25-8247-A3C5-C38674EF0D9F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{AF80DA50-F550-DE46-10B3-C8F6CC729CB7} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B0375CCF-9532-2B4F-8D3C-3766EF4FFA65} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B043489C-6BF0-01EB-E5BD-CE306F545707} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B0FD6320-27E9-F236-D46C-1DBD5BB05BC1} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B12712D7-ACFD-449A-2E4E-B5894E2E6766} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B27E8BCF-1A21-257E-958D-00B94008A3E8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B32D7557-643E-F1A2-F754-61704EFBE2CB} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B3682678-24CF-8EE5-95C3-F7AE59382580} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B36BF8D0-78A6-6627-C70B-89B4CE7916F8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4A77CF6-02BF-DD85-3F0E-C3AEABCEDC8F} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4C91D4F-8735-A88D-E8BE-4D168226F78A} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B4F8C4E0-F516-5DEF-B102-AAF1ADBCBB04} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B564A708-4E47-CDCA-F6E8-BD3C3C34F916} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B5AF2512-211C-405D-363D-CE69CC13A318} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B81CA0C4-1209-B883-8E93-5BE66A9C1710} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B83E5A1A-1D54-995B-5E50-97D68EAB77E4} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B8A40086-20B8-C1F2-809A-00534310B657} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{B9A894DA-536D-899F-404E-D315F02B92FF} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB2E6852-7961-1E70-E3C8-8433F21B7649} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BB41F0FC-B195-49CB-299A-A9413006F74C} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BEC227BD-6A8F-E5C9-B843-3F5517456552} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BEE5AE94-A804-E8A2-F6F9-E353C5F4CD12} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{BFB065A2-4F3C-61BB-4A5B-FA6D452D3EAC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0CDA43E-E64A-0E70-6EE5-255BDA98213E} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C0E29FD4-F512-9647-CA15-C8EB9E72B58B} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2B02E4F-20EE-6A77-E92C-429B284CE8A2} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2D3D802-55DE-AF83-8D28-DCB9E085F258} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C2FA3EAF-821F-A9B6-25C2-AF456704EDC8} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C448539A-1A24-DCB9-3152-D2DCA94E1831} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C460249C-BE73-9D7B-DAA6-2381988C0497} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C92A7209-D878-CDBA-715F-0ADF6FD6C738} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{C97CB847-28A7-9898-6A69-C9307ABFC8EC} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CAF4D771-8A18-BC86-F551-A768543394E9} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CB61DEDF-E312-A962-E41A-8D231515AAF0} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CBDAA0C1-DA0C-BE5F-6F7B-55B862852761} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CC47DD3F-46F7-6813-D89E-37FD2658A254} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\CLSID\{CC67ADD3-8236-844B-5732-907E26BCF629} -> Adware.CoolWebSearch : Cleaned with backup (quarantined).

#8 dan12

Posted 25 February 2007 - 02:55 AM

Hi, your AVG antispyware log looks like it's been cut short, can I see the whole log please. May take a few posts if it's long. Did you carry out file deletions, only we may have something which is preventing the fix from working?

dan

#9 dan12

Posted 25 February 2007 - 09:30 AM

Hi asat00

Again! I must point out you are not running HJT from its own folder, please carry this instruction out from my previous post.

Download Pocket Killbox and unzip it; save it to your Desktop.
DO NOT RUN IT YET.

Re-boot into safe mode

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer.
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear. Use the up arrow to highlight the first option, to run Windows in Safe Mode, and hit Enter.
  • For additional help in booting into Safe Mode, see the following site: HERE

Now we can delete those files.
  • Copy the following list to the Clipboard.

    C:\WINDOWS\system32\wingc32.exe
    C:\WINDOWS\ipqo32.exe
    C:\WINDOWS\netdh32.exe
    C:\WINDOWS\iezc32.exe
    C:\WINDOWS\d3yj.exe
    C:\WINDOWS\sysqi32.exe
    C:\WINDOWS\system32\apixb32.exe
    C:\WINDOWS\atloi.exe
    C:\WINDOWS\atlpo.exe
    C:\WINDOWS\apina32.exe
    C:\WINDOWS\system32\iemq32.exe
    C:\WINDOWS\system32\msoq32.exe
    C:\WINDOWS\ipea.exe
    C:\WINDOWS\d3ye.exe
    C:\WINDOWS\apimw32.exe
    C:\WINDOWS\d3si32.dll
    C:\WINDOWS\crwq32.dll
    C:\WINDOWS\ntdr.dll
    C:\WINDOWS\system32\crfo.dll
    C:\WINDOWS\system32\windv32.dll
    C:\WINDOWS\javaat32.dll
    C:\WINDOWS\iphp32.dll
    C:\WINDOWS\javasb.dll
    C:\WINDOWS\system32\ntdc32.dll
    C:\WINDOWS\syskg32.dll
    C:\WINDOWS\system32\atlmu32.dll
    C:\WINDOWS\d3mz32.dll
    C:\WINDOWS\apixo.dll
    C:\WINDOWS\system32\javavk.dll
    C:\WINDOWS\system32\appms.dll
    C:\WINDOWS\addji32.dll
    C:\WINDOWS\addji32.dll
    C:\WINDOWS\system32\javavk.dll
    C:\WINDOWS\apixo.dll
    C:\WINDOWS\d3mz32.dll
    C:\WINDOWS\system32\atlmu32.dll
    C:\WINDOWS\syskg32.dll
    C:\WINDOWS\system32\ntdc32.dll
    C:\WINDOWS\javasb.dll
    C:\WINDOWS\iphp32.dll
    C:\WINDOWS\javaat32.dll
    C:\WINDOWS\system32\windv32.dll
    C:\WINDOWS\system32\crfo.dll
    C:\WINDOWS\ntdr.dll
    C:\WINDOWS\crwq32.dll
    C:\WINDOWS\d3si32.dll
  • Start Pocket Killbox.
  • Click Delete a file on reboot.
  • Click File
  • Select Paste from Clipboard.
You should see a file name from the list above appear in the window under "Full Path of File to Delete".
____________

Please post a new HJT log.

#10 asat00

Posted 26 February 2007 - 01:37 AM

You'll have to let me know about this one. I downloaded the killbox and did as requested but when I went to file and selected paste from clipboard, a file name did not show up under "full path of file to delete." So instead I just right clicked and pasted it. Should be the same thing I think. I was unsure if I did the trick or if the program was supposed to show some kind of progress bar or something like that. If so it did not. If anything sounds fishy to you I may just need to re-download the program and try again. I have pasted hjt into its own file as well. Thank you and thanks for being prompt.

Logfile of HijackThis v1.99.1
Scan saved at 1:30:39 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\POS\Desktop\New Folder (2)\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130568272023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)


#11 asat00

Posted 26 February 2007 - 01:43 AM

Sorry here is the last piece of the AVG antispyware log as well. I double checked that I was sending you the next piece that was missing on my previous AVG post.

Marshall

#12 dan12

Posted 27 February 2007 - 11:11 AM

Hi asat00

Logs looking a lot better.

You did well creating the folder on the desktop for HJT but you didn't name the folder!
"C:\Documents and Settings\POS\Desktop\New Folder (2)\HijackThis.exe"
Go to "New Folder (2)", right click > rename it "HJT".
______________


Optional - VIEWPOINT MANAGER
Viewpoint Manager is considered as foistware instead of malware since it is installed without users' approval but doesn't spy or do anything "bad". This will change from what we know in 2006; read this article: http://www.clickz.co...cle.php/3561546
Additional info: http://vil.nai.com/vil/content/v_137262.htm
I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.
  • Viewpoint
  • Viewpoint Manager
  • Viewpoint Media Player
  • Viewpoint Toolbar
Your call.

To provide a satisfying consumer experience and to operate effectively, the Viewpoint Media Player periodically sends information to servers at Viewpoint.
Each installation of the Viewpoint Media Player is identifiable to Viewpoint via a Customer Unique Identifier (CUID), an alphanumeric identifier embedded in the Viewpoint Media Player.
The Viewpoint Media Player randomly generates the CUID during installation and uses it to indicate a unique installation of the product. A CUID is never connected to a user's name, email address, or other personal contact information.
CUIDs are used for the sole purpose of filtering redundant information. Each of these information exchanges occurs anonymously.

________________

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java Runtime Environment (JRE) 6".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.
Please include a new HJT log in your next post, and let me know how your system is at this point in time.
Thanks dan
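
The checks read off the posted logs in this thread (where HijackThis.exe was run from, the JRE version in the O9 lines, entries marked "(file missing)") can be scripted. The Python below is an added example, not part of the thread or of HijackThis; the sample log is assembled from lines posted above, and the function names, finding labels, the JRE threshold of 1.6.0 (taken from the advice to install JRE 6) and the added system32 check on core Windows process names are assumptions of this example.

```python
import ntpath
import re

# Excerpt assembled from lines of the 2/26/2007 log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:30:39 AM, on 2/26/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\POS\Desktop\New Folder (2)\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
"""

# Coded entries look like "O4 - ...", "F2 - ...", "R1 - ...", "N3 - ...".
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")
# JRE install folder, e.g. \Java\jre1.5.0_01 (the _01 update suffix is ignored).
JRE_RE = re.compile(r"\\Java\\jre(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)
# Core Windows binaries that belong in %SystemRoot%\system32 on XP.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "smss.exe"}


def parse_hjt(text):
    """Split a HijackThis log into header lines, running processes and coded entries."""
    header, processes, entries = [], [], []
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower() == "running processes:":
            section = "processes"
            continue
        match = ENTRY_RE.match(line)
        if match:
            section = "entries"
            entries.append((match.group(1), match.group(2)))
        elif section == "processes":
            processes.append(line)
        elif section == "header":
            header.append(line)
    return {"header": header, "processes": processes, "entries": entries}


def triage(log, min_jre=(1, 6, 0)):
    """Return (label, detail) findings; labels are hypothetical names for this example."""
    findings = []
    for path in log["processes"]:
        folder, name = ntpath.split(path)  # ntpath parses Windows paths on any OS
        folder_l, name_l = folder.lower(), name.lower()
        if name_l in SYSTEM_NAMES and not folder_l.endswith("\\system32"):
            findings.append(("system-name-outside-system32", path))
        if name_l == "hijackthis.exe":
            # HijackThis keeps its backups beside the executable, hence the
            # advice to run it from a dedicated, named folder.
            leaf = ntpath.basename(folder_l)
            if leaf in ("desktop", "temp") or leaf.startswith("new folder"):
                findings.append(("hjt-folder", path))
    seen_jre = set()
    for code, body in log["entries"]:
        if body.endswith("(file missing)"):
            findings.append(("file-missing", f"{code} - {body}"))
        match = JRE_RE.search(body)
        if match:
            version = tuple(int(g) for g in match.groups())
            if version < min_jre and version not in seen_jre:
                seen_jre.add(version)
                findings.append(("outdated-jre", ".".join(map(str, version))))
    return findings


if __name__ == "__main__":
    for label, detail in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{label}: {detail}")
```

A finding is a prompt for manual review, not a verdict: a "(file missing)" entry can be a leftover from an uninstalled program as well as a remnant of removed malware.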

#13 asat00

Posted 27 February 2007 - 02:55 PM

Here is the latest. I'll let you know how the system is running soon. I want to give it some time to see if it "dumps the physical memory" as it has done in the past. I do have some questions though. Here goes.

I still have a lot of svchost.exe running. 7 to be exact.
SVCHOST.EXE LOCAL SERVICE 2832k
SVCHOST.EXE NETWORK SERVICE 1176k
SVCHOST.EXE SYSTEM 1904k
SVCHOST.EXE SYSTEM 18,152k
SVCHOST.EXE NETWORK SERVICE 1420 k
SVCHOST.EXE SYSTEM 692k
SVCHOST.EXE SYSTEM 1524k

I don't know if you'll be able to make any sense of this just from the information provided but I know that SVCHOST.EXE is one of those processes that can be a trojan or not.

Also, I have questions about programs that are on my system that I do not think that I have used and want to determine if I can remove.

BCL easyPDF SDK 4.3
BHA B's Recorder GOLD 3.14
BlackICE
B's Clip
Creative Jukebox Driver
CuteFTP 5.0 XP
HPC Notes 3.03
HPC Notes Lite Edition
Spinner
Wingman Software

Any info on these programs that you may be able to provide would be great. I'm not sure if I have even provided sufficient info for you. Let me know.


Logfile of HijackThis v1.99.1
Scan saved at 2:39:25 PM, on 2/27/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WMP54GX.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\POS\Desktop\hjt\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PMXInit] C:\WINDOWS\system32\pmxinit.exe
O4 - HKLM\..\Run: [Explorer.EXE] C:\WINDOWS\explorer.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0\bin\jusched.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [MtdAcq] C:\Program Files\Creative\Shared Files\Media Sniffer\MtdAcq.EXE /s
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchPd.EXE"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: SCPopup.lnk = C:\Program Files\SHARP\PixLab Lite Pack\SCPopup.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\inetrepl.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell....iler/SysPro.CAB
O16 - DPF: {288C5F13-7E52-4ADA-A32E-F5BF9D125F98} (CR64Loader Object) - http://www.miniclip....pGameLoader.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/...dy.cab32846.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - http://www.symantec....trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - http://www.symantec....trl/tgctlsr.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/...at.cab32846.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1130568272023
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/...ol.cab36107.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/...xy.cab41227.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...489/mcfscan.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BCL easyPDF SDK Loader (bepprldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 4\bepprldr.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: CWShredder Service - Unknown owner - C:\Documents and Settings\POS\Desktop\CWShredder.exe (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WMP54GXSVC - Unknown owner - C:\Program Files\Linksys Wireless-G PCI Adapter with SRX\WLService.exe" "WMP54GX.exe (file missing)

#14 dan12

Posted 28 February 2007 - 11:14 AM

Hi, I have not forgotten you; I will be looking into your queries. Do not touch those svchost.exe files, they are legitimate! Have been busy at work. Hope not to keep you too long. Dan

#15 dan12

Posted 01 March 2007 - 11:57 AM

Hi asat00

Hi, this tutorial may make you understand "svchost.exe" a lot better and understand why there are many instances running on your machine.

Blackice is a firewall, but it is not active, so you can remove it via Add and Remove.
Most of the other programs, if you have not used them or downloaded them, you can also remove.
____________

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re-enable System Restore here:

    Windows XP System Restore Guide
    Re-enable System Restore with instructions from the tutorial above.
  • Re-hide your system files. To do so, please follow the steps below:
    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check by Hide file extensions for known file types.
    • Under the Hidden files folder, select Do not show hidden files and folders.
    • Check Hide protected operating system files.
    • Click Apply, and then click OK.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


Stand up and be Counted.

NOW is the time you can start to hit back at the people who infected you.
Please take the time to go and complain - that forum has a topic for your infection which is ................ please post as a reply, you do not need to register to do so (but you can if you wish). It will also have a list of other places you can go to to register your complaint, depending on the country you are resident in. Please read the topics and complain, it is only with such complaints to government or government agencies that something will get done.


>> Here << you can see how you can help us.

Regards dan
