Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Windows Explorer Crashes...malware?

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
I recently formatted my harddrive and installed Windows XP Professional onto this computer. The first thing I did was download/install the latest versions of Spyblaster, AVG Free, Spybot, Ad-Aware, and the Google Toolbar. I also turned on XP's firewall. Still, I believe I've managed to get spyware that these programs will not remove. I get Aurora pop-ups, and there is a toolbar on Internet Explorer that I did not install and that takes me to a Search Website when I try to remove it. Also, I noticed there is a folder in WINDOWS called "srchasst," which I think I remember seeing as being related to the Coolwebsearch trojan. I downloaded HijackThis, and here is the logfile.

I saw the instructions about what to do before posting a hijack this log. I downloaded CleanUP and ran it, and it said it was complete and to restart the computer. However, when I restarted the computer and since that time, windows explorer crashes every 10 seconds. I discovered that WareOut had somehow been installed on this computer, so I went into safe mode and deleted the folder "srchasst" from the windows directory and "wareout" from program files (I think). I was able to run adaware, avg, and spybot, but I was not able to download and run some of the other programs.

If anyone could help me, I would REALLY appreciate it...this is driving me nuts! Thanks, Sarah

Logfile of HijackThis v1.99.1
Scan saved at 11:03:53 PM, on 6/8/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 6.0\Reader\AcroRd32.exe

R3 - URLSearchHook: (no name) - {FD02D562-8731-C6CA-5FA0-C01310FE129E} - abrek.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\gnzse.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Internet Explorer Hot Fix - {703F9849-BBA3-4E97-9751-75845F0611A4} - C:\WINDOWS\System32\rstec.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: SearchToolbar - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - C:\WINDOWS\System32\gnzse.dll
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [coppov] c:\windows\system32\ubpkpm.exe r
O4 - HKLM\..\Run: [NsCplTray] AppMasterCenter.exe
O4 - HKLM\..\Run: [MONITER] atl_helper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [ssweeper] Trayz.exe
O4 - HKCU\..\Run: [PasswdMon] FLKPT.exe
O4 - HKCU\..\Run: [dialer423] driver64.exe
O4 - HKCU\..\RunServicesOnce: [washindex] c:\Program Files\Washer\washidx.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O9 - Extra 'Tools' menuitem: Start spyware remover - {BF69DF00-2734-477F-8257-27CD04F88779} - C:\Program Files\WareOut\WareOut.exe (HKCU)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2BF15495-4AC9-4087-91B4-AE4BF3CD42B2}: NameServer =,
O17 - HKLM\System\CCS\Services\Tcpip\..\{6252C64E-5473-4DDD-93B6-6199C0C40CE2}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{2BF15495-4AC9-4087-91B4-AE4BF3CD42B2}: NameServer =,
O20 - Winlogon Notify: style2 - C:\WINDOWS\q407471693_disk.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
  • 0


Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP