
Popups and Spyware Toolbar--HELP!

I recently formatted my hard drive and installed Windows XP Professional onto this computer. The first thing I did was download/install the latest versions of Spyblaster, AVG Free, Spybot, Ad-Aware, and the Google Toolbar. I also turned on XP's firewall. Still, I believe I've managed to get spyware that these programs will not remove. I get Aurora pop-ups, and there is a toolbar on Internet Explorer that I did not install and that takes me to a Search Website when I try to remove it. Also, I noticed there is a folder in WINDOWS called "srchasst," which I think I remember seeing as being related to the Coolwebsearch trojan. I downloaded HijackThis, and here is the logfile. If anyone could help me, I would REALLY appreciate it...this is driving me nuts! Thanks, Sarah

Logfile of HijackThis v1.99.1
Scan saved at 11:03:53 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

R3 - URLSearchHook: (no name) - {FD02D562-8731-C6CA-5FA0-C01310FE129E} - abrek.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\gnzse.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {703F9849-BBA3-4E97-9751-75845F0611A4} - C:\WINDOWS\System32\rstec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\gnzse.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [coppov] c:\windows\system32\ubpkpm.exe r
O4 - HKLM\..\Run: [NsCplTray] AppMasterCenter.exe
O4 - HKLM\..\Run: [MONITER] atl_helper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [ssweeper] Trayz.exe
O4 - HKCU\..\Run: [PasswdMon] FLKPT.exe
O4 - HKCU\..\Run: [dialer423] driver64.exe
O4 - HKCU\..\RunServicesOnce: [washindex] c:\Program Files\Washer\washidx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF15495-4AC9-4087-91B4-AE4BF3CD42B2}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{6252C64E-5473-4DDD-93B6-6199C0C40CE2}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BF15495-4AC9-4087-91B4-AE4BF3CD42B2}: NameServer =,
O20 - Winlogon Notify: style2 - C:\WINDOWS\q407471693_disk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
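A first-pass triage of a HijackThis log like the one posted above, as an added example that is not part of the original thread or of HijackThis itself. It parses the `<code> - <detail>` entry lines and lists entries with structural properties worth a manual look; the three heuristics and all function names are assumptions made for this example, and a hit means "review this", not "this is malware".

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {FD02D562-8731-C6CA-5FA0-C01310FE129E} - abrek.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MONITER] atl_helper.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [dialer423] driver64.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - <detail>"
RUN = re.compile(r"^(HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")  # autostart value


def parse(log):
    """Yield (section_code, detail) per entry; header and process lines are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def review_reasons(code, detail):
    """Structural reasons to inspect an entry by hand (heuristics assumed here)."""
    reasons = []
    if "(file missing)" in detail:
        reasons.append("HijackThis reported the referenced file as missing")
    if code == "O23" and " - Unknown owner - " in detail:
        reasons.append("no company name could be read from the service binary")
    run = RUN.match(detail) if code == "O4" else None
    if run:
        command = run.group(4).strip()
        # First token of the command line, honouring a quoted path.
        exe = command[1:].split('"')[0] if command.startswith('"') else command.split()[0]
        if "\\" not in exe:
            reasons.append("autostart command has no directory (found via search path)")
    return reasons


def triage(log):
    """Return [(code, detail, reasons)] for entries with at least one reason."""
    return [(c, d, r) for c, d in parse(log) if (r := review_reasons(c, d))]


if __name__ == "__main__":
    for code, detail, reasons in triage(SAMPLE_LOG):
        print(f"{code}: {detail}\n    -> " + "; ".join(reasons))
```
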


Retired Tech

Malware is best dealt with by the Malware Team.

Please go here


Please run all the programmes as advised and then post a current Hijack This log to the Malware Section.