hijackthis log [CLOSED]


  • This topic is locked

#1
sniper5

    New Member

  • Member
  • 8 posts
My computer is acting all funky all of a sudden and I was just wondering if someone could check out my log to make sure everything is running OK... It would be greatly appreciated... thanks

Logfile of HijackThis v1.99.1
Scan saved at 5:34:58 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\PestPatrol\PestPatrol.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\kbbye.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\RunOnce: [PPClean Remove at boot] C:\PPCleanDeleteAtReboot.bat
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Program Files\PestPatrol\ppclean.exe" clean ts:20051003172737484 suite 2
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0



#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Please download Ewido Security Suite at http://www.ewido.net/en/download/.

1. Install Ewido Security Suite.
2. When installing, under 'Additional Options' uncheck:
* Install background guard
* Install scan via context menu
3. Launch Ewido, there should be an icon on your desktop, double click it.
4. The program will now open to the main screen.
5. When you run Ewido for the first time, you will get a warning 'Database could not be found!'. Click OK. We will fix this in a moment.
6. You will need to update Ewido to the latest definition files.
* On the left hand side of the main screen click update.
* Then click on Start Update.
7. The update will start and a progress bar will show the updates being installed. The status bar at the bottom will display 'Update successful'.
8. Exit Ewido. DO NOT scan yet.

If you are having problems with the updater, you can go to http://www.ewido.net...wnload/updates/ to update manually.

Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link doesn't work - http://www.greyknigh...spy/CleanUp.exe ) and install it. Don't run it yet.

Download AboutBuster http://www.greyknigh...AboutBuster.zip and unzip the files to a folder on your Desktop. Run AboutBuster and click OK. Click Update button to see if there are any updates. Close the program now.

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.

CleanUp! deletes EVERYTHING out of your temp/temporary folders, it does not make backups. If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp!. Run CleanUp! and click on the Options button. Uncheck 'Scan local drives for temporary files'. Also uncheck those two Newsgroup entries if you don't want to delete them. Click OK and then click on the CleanUp! button. Let it run. After it's done, choose Yes to logoff.

Now open Ewido and do a scan on your system.

* Click on scanner
* Click on Complete System Scan and the scan will begin.
* NOTE: During some scans with Ewido it is finding cases of false positives.
    o You will need to step through the process of cleaning files one-by-one.
    o If Ewido detects a file you KNOW to be legitimate, select none as the action.
    o Do NOT select 'Perform action on all infections'
    o If you are unsure of any entry found, select none for now as the action.
* Once the scan has completed, there will be a button located on the bottom of the screen named Save report
* Click Save report.
* Save the report .txt file to your desktop or a location where you can find it easily.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\kbbye.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe


Run AboutBuster and click Begin Removal button. Once that's done, just hit the OK button. Click Exit once you are done. Click the OK button and it should exit. Open up the 'Ab LogFile.txt' (which was created in the same folder as AboutBuster) and post the log here.

Uninstall WildTangent via the Add/Remove panel.

Locate and delete the following:

C:\WINNT\system32\kbbye.dll
C:\Program Files\WildTangent\
MediaPIayer.exe


Restart your computer. Post the logs for HijackThis and Ewido. Also give me the AboutBuster log (should be in the same folder as AboutBuster.exe).
  • 0
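
An added example (not part of either poster's replies, and not HijackThis's own logic): a small Python reviewer for the HijackThis line format shown in post #1. It applies three assumed heuristics: a res:// URL in an R-section Internet Explorer setting, an O4 autorun command with no directory, and an image name that fits its value name only when capital I is read as lowercase l. Names such as `review` and `SAMPLE_LOG` are hypothetical; on the sample it flags four of the six lines listed for 'Fix checked' and leaves the ProxyOverride and WildTangent entries to manual review.

```python
import ntpath
import re
from typing import List, NamedTuple, Tuple

# Constructed sample: ten lines copied from the HijackThis log in post #1.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\kbbye.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
"""

# Heuristic labels (assumptions of this example, not HijackThis output).
RES_URL = "res:// URL in an Internet Explorer setting"
NO_DIR = "autorun command has no directory"
LOOKALIKE = "capital I stands in for lowercase l"

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
REG_VALUE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")
AUTORUN = re.compile(r"^(?P<key>[^:\[]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
IMAGE = re.compile(r"(.*?\.(?:exe|dll|bat|com|scr))(?=[\s,]|$)", re.I)


class Finding(NamedTuple):
    section: str               # HijackThis section code, e.g. "R0" or "O4"
    body: str                  # the log line without its section prefix
    reasons: Tuple[str, ...]   # which heuristics fired


def split_image(cmd: str) -> Tuple[str, str]:
    """Split a command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return (cmd[1:], "") if end == -1 else (cmd[1:end], cmd[end + 1:])
    # Unquoted paths may contain spaces, so cut at the first known extension.
    match = IMAGE.match(cmd)
    if match:
        return match.group(1), cmd[match.end():]
    first, _, rest = cmd.partition(" ")
    return first, rest


def squash(text: str) -> str:
    """Lowercase and drop everything except letters and digits."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def is_lookalike(value_name: str, stem: str) -> bool:
    """True when the file name fits the value name only if 'I' is read as 'l'."""
    label, plain = squash(value_name), squash(stem)
    folded = squash(stem.replace("I", "l"))
    return folded != plain and folded in label and plain not in label


def review_autorun(value_name: str, cmd: str) -> List[str]:
    image, rest = split_image(cmd)
    stem = ntpath.splitext(ntpath.basename(image))[0]
    # rundll32 is only a host; the DLL in its first argument is what runs.
    if stem.lower() == "rundll32" and rest.strip():
        image, _ = split_image(rest)
        stem = ntpath.splitext(ntpath.basename(image))[0]
    reasons = []
    if not ntpath.dirname(image):
        reasons.append(NO_DIR)      # location depends on the search path
    if is_lookalike(value_name, stem):
        reasons.append(LOOKALIKE)
    return reasons


def review(log_text: str) -> List[Finding]:
    findings = []
    for line in log_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue                # header, process list or blank line
        section, body = entry.groups()
        reasons: List[str] = []
        if section.startswith("R"):
            value = REG_VALUE.match(body)
            if value and value.group("value").lower().startswith("res://"):
                reasons.append(RES_URL)
        elif section == "O4":
            autorun = AUTORUN.match(body)
            if autorun:             # Startup-folder shortcuts use another form
                reasons = review_autorun(autorun["name"], autorun["cmd"])
        if reasons:
            findings.append(Finding(section, body, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in review(SAMPLE_LOG):
        print(f.section, "|", "; ".join(f.reasons), "|", f.body)
```
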

#3
sniper5

    New Member

  • Topic Starter
  • Member
  • 8 posts
ok here we go

hijack...........

Logfile of HijackThis v1.99.1
Scan saved at 7:40:23 PM, on 10/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINNT\system32\kbbye.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [AOL Messenger] aolmsngr.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Windows Media Player] MediaPIayer.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:28:21 PM, 10/3/2005
+ Report-Checksum: 7FF1BB38

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{F1A16D01-6E18-B984-B2B4-58741C35C427} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F4E37E5E-CA54-770B-0535-743F4FF8EE5B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F508A827-A988-75DC-2FBE-C460DACBB132} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F61C6A80-6232-DD79-A5DA-0C16D4A99041} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F6EB941E-9DCD-6E07-E139-D2AB90BAAE62} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{F744D56B-27F0-F7D0-153A-91C124D4089B} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA1512CD-055E-ED1E-19B6-F1C5165E6B1E} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FA19ACFC-7B78-FCC9-847A-0350FF6F5E07} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FD657148-CFF7-B0FA-3DF2-27DD4B37658F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\CLSID\{FEC51603-6BCA-8E17-7B90-00C2EE37143F} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image\CLSID -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image\CLSID\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image\CurVer -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image.1 -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Image.Image.1\CLSID\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource\CLSID -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource\CLSID\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource\CurVer -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource.1 -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource.1\CLSID\\ -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}\URLSearchHooks\\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchHook -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShowSearch -> Spyware.CoolWebSearch : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Ignored
HKU\S-1-5-21-3779595728-2907002829-2663657440-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Ignored

AboutBuster 5.0 reference file 30
Scan started on [10/3/2005] at [7:34:43 PM]
------------------------------------------------
Removed Stream! C:\WINNT\KB817778.log:tlemji
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 7:34:46 PM

#4
greyknight17
OK, did you do any of the HijackThis fixes? Your log looks exactly as it was before you did the fixes. Make sure you do the fixes and restart your computer. Then run a HijackThis scan and give me that new saved log.

Also, for Ewido, did you set them to Ignore the fix? Please go back to Safe Mode and set it to delete/remove any files it finds...they are all bad there.

When you are done, restart and give me a new log for HijackThis and Ewido.

#5
sniper5
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:30:17 PM, 10/4/2005
+ Report-Checksum: D11230B2

+ Scan result:

HKLM\SOFTWARE\Classes\ShowSearch.ViewSource\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource.1 -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ShowSearch.ViewSource.1\CLSID\\ -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22}\URLSearchHooks\\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IEFeatSL_Uninstall -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchHook -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ShowSearch -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3779595728-2907002829-2663657440-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\{FD9BC004-8331-4457-B830-4759FF704C22} -> Spyware.CoolWebSearch : Cleaned with backup
C:\Documents and Settings\Owner\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0D.dat/files\wtvh.dll -> Spyware.WildTangent : Cleaned with backup
C:\Downloads\HotRodASD-dm[1].exe -> Spyware.Trymedia : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP442\A0110811.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP479\A0139709.exe -> Adware.SaveNow : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147743.exe:vcbxk -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147745.exe:gicdq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147746.fin:wlmij -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147746.fin:xrnur -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147747.pif:chddqb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147747.pif:kpsyor -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\System Volume Information\_restore{7DCA1BE4-D752-48D6-A25E-C722C8FD1BC4}\RP482\A0147747.pif:lkwffg -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINNT\Active Setup Log.txt:yvybl -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\czvow.txt:tdjfa -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\daocc.txt:sisec -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\docwi.log:gndam -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\fblrp.txt:dbamed -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\fhpfz.dat:xgqvb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\gndam.log:reukpi -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINNT\Gone Fishing.bmp:aoiawf -> Spyware.OneMoreSearch : Cleaned with backup
C:\WINNT\ihnqs.log:zklnij -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\jpcli.log:docwi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\KB821557.log:oinpf -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\KB825119.log:vjqqc -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\KB828035.log:jcbto -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\KB828035.log:nkiww -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\WINNT\KB835732.log:cdtzr -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\KB839643-DirectX9.log:rjkhpo -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\KB840315.log:uvmel -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\KB840374.log:kkvnrz -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\ljrov.log:niocr -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINNT\msoffice.ini:skxnq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\mucvy.log:qckai -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\muninst.exe:dzljy -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\nkiww.txt:llqts -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\nsreg.dat:lmmpej -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\nsreg.dat:wzdps -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\ODBC.INI:ulqoc -> TrojanDownloader.Agent.an : Cleaned with backup
C:\WINNT\oeuninst.exe:rdoyt -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\oobeact.log:kdhlv -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\pcdlib32.dll:fntzz -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\WINNT\Prairie Wind.bmp:rlrmk -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Q328310.log:kmkrm -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\Q329390.log:lovcew -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Q331958.log:epnhyh -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\Q810565.log:ybblvg -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Q814995.log:jdeers -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\Q815021.log:ceyoi -> TrojanDownloader.Agent.kd : Cleaned with backup
C:\WINNT\Q828026.log:nfbge -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\QUICKEN.INI:ereflf -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Rhododendron.bmp:wswsni -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\SlantAdj.dll:veqba -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\Sti_Trace.log:gfbmw -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\WINNT\ubrtg.log:cbqri -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\UNNeroBurnRights.exe:vcbxk -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\uxclf.log:abbew -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\uxclf.log:xanqvi -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\vxgjl.txt:sctjy -> TrojanDownloader.Agent.cd : Cleaned with backup
C:\WINNT\wiaservc.log:gtkyqs -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\WindowsUpdate.log:dkbvp -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\WindowsUpdate.log:ztdlsd -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\winhlp32.exe:gicdq -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\winiini.fin:wlmij -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\winiini.fin:xrnur -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\wmsetup.log:psgzt -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\WMSysPrx.prx:rjnwn -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\WMSysPrx.prx:yrliv -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\xapzc.txt:kkxbh -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\ybugw.txt:huchqz -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\zcsat.dat:zuvmsk -> TrojanDownloader.Agent.ap : Cleaned with backup
C:\WINNT\_default.pif:chddqb -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:kpsyor -> TrojanDownloader.Agent.bq : Cleaned with backup
C:\WINNT\_default.pif:lkwffg -> Spyware.OneMoreSearch : Cleaned with backup


::Report End





Logfile of HijackThis v1.99.1
Scan saved at 1:01:32 PM, on 10/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\hkcmd.exe
C:\Program Files\Gateway Utilities\GWInkMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\PestPatrol\PPControl.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\AIM\aim.exe
C:\WINNT\system32\slserv.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wuauclt.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [Gateway Ink Monitor] "C:\Program Files\Gateway Utilities\GWInkMonitor.exe"
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [EPSON Stylus CX5400] C:\WINNT\System32\spool\DRIVERS\W32X86\3\E_S4I2G1.EXE /P19 "EPSON Stylus CX5400" /O6 "USB001" /M "Stylus CX5400"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\Program Files\PestPatrol\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [FreeMem Pro] "C:\PROGRA~1\FREEME~1\Fmempro.exe" autostart
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINNT\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: cpcScanner - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: Bonjour Service - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINNT\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
That looks much better now :tazz:

Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order they are mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools (or View)->Folder Options->View tab:
* Under the Hidden files and folders heading, select Show hidden files and folders (it's Show all files for Windows 98).
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm and then click OK.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).

Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work. Make sure to close any open browsers. Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe

Delete the following Files/Folders (delete folders if no filename is specified) according to their directory (if none, just do a search for them) and delete them if they exist:

MediaPIayer.exe

Run Ewido scan again and save the report.

Restart and run BOTH of these scans:

Run an online virus scan at TrendMicro http://uk.trendmicro...call_launch.php. Just follow the instructions on the site to run the free online scan. If any viruses/trojans are detected, try to delete or clean them on that site. If any are not cleanable, copy and paste the infected files here. You may also use Panda ActiveScan at http://www.pandasoft...ucts/activescan. Post the log from the Panda scan here.

After that's done, run a new HijackThis scan. Save the log file and post it here. Also give me the logs for Panda and Ewido.
  • 0
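An added example, not part of the original post and not HijackThis code: a Python triage pass over registry `O4` autorun lines copied from the log in this thread, flagging an entry when its command has no directory or when its file name matches the entry's display name only after look-alike characters are folded together. Both heuristics, the look-alike map and all function names are assumptions made for illustration; the post above does not state why it selected the `MediaPIayer.exe` entry.

```python
import ntpath
import re

# O4 lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r'''
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\System32\hkcmd.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [Windows Media Player] MediaPIayer.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
'''

O4_REGISTRY = re.compile(r'^O4 - (HK[A-Z]+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$')
EXECUTABLE = re.compile(r'^(.*?\.(?:exe|com|bat|cmd|pif|scr|dll))(?=\s|$)', re.I)
# Assumed look-alike map: capital I and digit 1 read as lower-case l, 0 as o.
LOOKALIKES = str.maketrans({"I": "l", "1": "l", "0": "o"})


def parse_o4(line):
    """Return a dict for a registry autorun line, or None for anything else."""
    m = O4_REGISTRY.match(line.strip())
    if not m:
        return None  # Startup-folder shortcuts and other sections are skipped
    hive, key, name, command = m.groups()
    if command.startswith('"'):
        exe = command[1:].split('"', 1)[0]          # quoted path, arguments follow
    else:
        found = EXECUTABLE.match(command)           # unquoted path may contain spaces
        exe = found.group(1) if found else command.split()[0]
    return {"hive": hive, "key": key, "name": name, "exe": exe}


def squash(text, fold=False):
    """Lower-case alphanumerics only; with fold=True, look-alikes collapse first."""
    if fold:
        text = text.translate(LOOKALIKES)
    return re.sub(r"[^a-z0-9]", "", text.lower())


def reasons_for(entry):
    reasons = []
    # A bare file name leaves the location to the Windows search order,
    # so the log does not show which file actually runs.
    if not ntpath.dirname(entry["exe"]):
        reasons.append("no-path")
    stem = ntpath.splitext(ntpath.basename(entry["exe"]))[0]
    # The file name fits the display name only once look-alikes are folded.
    if (len(stem) >= 4
            and squash(stem, True) in squash(entry["name"], True)
            and squash(stem) not in squash(entry["name"])):
        reasons.append("lookalike-name")
    return reasons


def triage(log_text):
    """Return (key, display name, executable, reasons) for each flagged entry."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry:
            reasons = reasons_for(entry)
            if reasons:
                flagged.append((entry["key"], entry["name"], entry["exe"], reasons))
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(hit)
```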

#7
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0





