Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijackthis log i need help

Started by jcpainter13 , Dec 05 2005 04:29 PM

  • Please log in to reply

#1
jcpainter13
Posted 05 December 2005 - 04:29 PM

jcpainter13

    New Member

  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 5:28:29 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Justin\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {D3F6EC5D-83BA-FBCD-1424-2CB23092B7EA} - C:\WINDOWS\netdj32.dll (file missing)
O2 - BHO: Class - {FB8230DB-512F-D010-9C46-1B908489D798} - C:\WINDOWS\system32\d3ju.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [atlbm.exe] C:\WINDOWS\system32\atlbm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [netfe.exe] C:\WINDOWS\system32\netfe.exe
O4 - HKLM\..\Run: [javadh32.exe] C:\WINDOWS\system32\javadh32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [javaqs32.exe] C:\WINDOWS\system32\javaqs32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addmt.exe] C:\WINDOWS\addmt.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [mmtask] "C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKLM\..\RunOnce: [d3vj32.exe] C:\WINDOWS\system32\d3vj32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Justin\Application Data\ttuh.exe
O4 - HKCU\..\Run: [smlogcfg] C:\WINDOWS\System32\smlogcfg.exe
O4 - HKCU\..\Run: [Dpnrbwg] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [wtoolsb] C:\Documents and Settings\Justin\Local Settings\Temp\wtoolsb.exe
O4 - HKCU\..\Run: [fileutil] C:\Documents and Settings\Justin\Local Settings\Temp\fileutil.exe
O4 - HKCU\..\Run: [kGUWAUXCYTF] C:\Documents and Settings\Justin\Local Settings\Temp\kGUWAUXCYTF.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\syskh.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Network Associates McShield (McShield) - Unknown owner - C:\Program Files\Network Associates\VirusScan\mcshield.exe (file missing)
O23 - Service: Network Associates Task Manager (McTaskManager) - Unknown owner - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

Advertisements

#2
loophole
Posted 08 December 2005 - 02:41 AM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello :tazz:

Sorry for the delayed response, it has been very busy lately.

If you still require help please post a new Hijack log in this
thread and I will help you. If your problem has been fixed please
respond and let us know.

Thanks
  • 0

#3
jcpainter13
Posted 08 December 2005 - 11:52 AM

jcpainter13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
No prblem thanks for the help!!!!
Heres my new log:

Logfile of HijackThis v1.99.1
Scan saved at 12:51:55 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\System32\l?[bleep].exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Justin\Local Settings\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {D3F6EC5D-83BA-FBCD-1424-2CB23092B7EA} - C:\WINDOWS\netdj32.dll (file missing)
O2 - BHO: Class - {FB8230DB-512F-D010-9C46-1B908489D798} - C:\WINDOWS\system32\d3ju.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [atlbm.exe] C:\WINDOWS\system32\atlbm.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [netfe.exe] C:\WINDOWS\system32\netfe.exe
O4 - HKLM\..\Run: [javadh32.exe] C:\WINDOWS\system32\javadh32.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [javaqs32.exe] C:\WINDOWS\system32\javaqs32.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [addmt.exe] C:\WINDOWS\addmt.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKLM\..\RunOnce: [RemoveTempFilesReboot] C:\PROGRA~1\MUSICM~1\MUSICM~1\rundll32.exe C:\PROGRA~1\MUSICM~1\MUSICM~1\mminstall.dll,_ExportRemDirAndContents@16 C:\WINDOWS\temp\mmjb_temp
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Justin\Application Data\ttuh.exe
O4 - HKCU\..\Run: [smlogcfg] C:\WINDOWS\System32\smlogcfg.exe
O4 - HKCU\..\Run: [Dpnrbwg] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [wtoolsb] C:\Documents and Settings\Justin\Local Settings\Temp\wtoolsb.exe
O4 - HKCU\..\Run: [fileutil] C:\Documents and Settings\Justin\Local Settings\Temp\fileutil.exe
O4 - HKCU\..\Run: [kGUWAUXCYTF] C:\Documents and Settings\Justin\Local Settings\Temp\kGUWAUXCYTF.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [strtas] lockx.exe
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\PartyPoker.exe (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\syskh.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#4
loophole
Posted 08 December 2005 - 03:32 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Hello jcpainter13 :tazz:

Weve got some work to do but we should knockout most everything after this set of directions

You may wish to print out a copy of these instructions to follow while you complete this procedure

First we will need to download a few tools that will help us in the removal of your problem.

Download and install CleanUp! Here
but do not run it yet.
*NOTE* Cleanup deletes EVERYTHING out of temp/temporary folders and does not make backups

Download about:buster by RubbeRDuckY Here.
Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
Please download ewido security suite it is a free version of the program.

Update Ewido
  • You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display ("Update successful")
[/list]If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Close Ewido

Save all of these files somewhere you will remember like to the Desktop.


Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the below service:


Network Security Service (NSS)


When you find them, double-click on each one. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok.


Hijack fixes

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\pdrno.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D3F6EC5D-83BA-FBCD-1424-2CB23092B7EA} - C:\WINDOWS\netdj32.dll (file missing)
O2 - BHO: Class - {FB8230DB-512F-D010-9C46-1B908489D798} - C:\WINDOWS\system32\d3ju.dll (file missing)
O4 - HKLM\..\Run: [atlbm.exe] C:\WINDOWS\system32\atlbm.exe
O4 - HKLM\..\Run: [netfe.exe] C:\WINDOWS\system32\netfe.exe
O4 - HKLM\..\Run: [javadh32.exe] C:\WINDOWS\system32\javadh32.exe
O4 - HKLM\..\Run: [javaqs32.exe] C:\WINDOWS\system32\javaqs32.exe
O4 - HKLM\..\Run: [addmt.exe] C:\WINDOWS\addmt.exe
O4 - HKLM\..\Run: [System service69] C:\WINDOWS\etb\pokapoka69.exe
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Justin\Application Data\ttuh.exe
O4 - HKCU\..\Run: [Aida] C:\Documents and Settings\Justin\Application Data\ttuh.exe
O4 - HKCU\..\Run: [smlogcfg] C:\WINDOWS\System32\smlogcfg.exe
O4 - HKCU\..\Run: [Dpnrbwg] C:\WINDOWS\System32\l?[bleep].exe
O4 - HKCU\..\Run: [wtoolsb] C:\Documents and Settings\Justin\Local Settings\Temp\wtoolsb.exe
O4 - HKCU\..\Run: [fileutil] C:\Documents and Settings\Justin\Local Settings\Temp\fileutil.exe
O4 - HKCU\..\Run: [kGUWAUXCYTF] C:\Documents and Settings\Justin\Local Settings\Temp\kGUWAUXCYTF.exe
O4 - HKCU\..\Run: [strtas] lockx.exe
O15 - Trusted IP range: 206.161.125.149
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\msopt.dll (file missing)

Now close all windows other than HiJackThis, then click Fix Checked


Safe Mode
Please reboot into safe mode Safe mode(continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Open About buster and run the program let it finish removing all it finds

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Now open Ewido
:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido security suite.


After all that, please post back with how things went as well as a new Hijack log and the Ewido log

Thanks .

Edited by loophole, 08 December 2005 - 03:34 PM.

  • 0

#5
jcpainter13
Posted 08 December 2005 - 07:50 PM

jcpainter13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:16:22 PM, 12/8/2005
+ Report-Checksum: 6D2D14E8

+ Scan result:

HKLM\SOFTWARE\Classes\actsetup.ActSetupObj -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CLSID -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj\CurVer -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\actsetup.ActSetupObj.1 -> Spyware.Odysseus : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{01198741-DBE0-E6F4-9DBE-877B61FB1D1D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{029DB004-6BCD-0E73-3AEA-F205B565F0F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{031788DE-6282-F9CD-262A-AA22CDA2B068} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{03BFEDA6-8678-C773-5452-E7082FCA1BD7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{04EDA6A5-3C09-E146-8F75-5684DDB4E2A7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05BCCFDC-9678-9095-77E8-18289DB38257} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{05CFF62B-F8EF-A6A3-C2D8-0649EE07F197} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0713F0EF-F47D-A3DA-A0F3-C2ED763086A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07A70617-8D17-A480-A5CF-0FCA3C65180D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07D80144-9372-FEAC-AEDD-21AE8732F067} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{07F0CAA0-8206-9DCC-5402-D4CC24EC1764} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{08BFBA35-C44B-38A4-2263-278430DC9376} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09248DC7-285D-A208-7675-8D1BAC7208C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{09312E20-8C50-C241-742B-35F21EDA9875} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0ADD4D53-B7DD-20F8-2AC9-AB9CB538A46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B6BE68E-B55A-5883-3DBC-30D73208D3E7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0B936818-A83D-004A-625A-757B4D758CC6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0C016F66-0147-FD26-5123-5C470E6791DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0E37D9E0-99E3-DA14-3197-60132338963E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{0FBFA147-FFB4-19A8-49F8-D1A17B80E32D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{109FCEAD-8C5C-5B76-3BB3-A646D2B52C93} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{10D837D7-D6EA-8BCE-37FB-E58A2E09397B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1323178D-09E3-B628-CC3A-95630B64B7DA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1486290A-90C1-388F-ADC8-6BFAA6B057E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{151272FB-2CD4-E387-93B1-F52B2911D0EE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{155F178D-1B07-52BD-BF72-827F24ED9DCE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{16C710FD-4C93-9C02-15FC-681DF7937350} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1714A690-3BE3-3C63-D05D-B9E2E19A88A3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18BDB348-E8B0-D5A4-55F2-74FD4CB49A69} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{18DF9808-F6C9-984B-EDE3-0B7624EC452A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B2B1933-92B1-481C-EB27-35E36BF72B5B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1B9CEE94-E0D7-13CF-2DA8-CA3C766EAAD0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1BD83F34-5674-FA0D-E5B2-7D7655F0D46F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1C1F1B09-C5DE-0C47-B128-B83F5668EB83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1DE20533-9118-BF9A-A6C6-F8E881A5FD4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1E920882-80EF-BD61-DBBD-0847C13D1197} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1EA0CE66-D6D5-2CEB-D734-97906011F9A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{1F0D6B1F-FEEB-261C-BE3C-F6F797F1D166} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{208BD4D8-3DA2-3736-A8E6-F3AF3479FA31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{226EF23F-8451-8515-BC02-3D0252C01453} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{24D627C3-088F-DDEB-85B3-5A49ED6BD761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{25742C0F-DC0D-F5DC-55DE-C66285AA22AB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2794292C-4490-D271-09E1-C39277C2D52A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{286ECE71-3F17-089B-F6BD-0E16D255AE8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2944D598-26C6-EAEE-CC51-6667352D7B57} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29B25401-5964-022D-3AC2-C7207FEFF994} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{29CDA41A-A8EB-6A68-BBF5-2877418D55C7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A6A2EFF-2FC6-683C-5911-BB1AC07E5964} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2A97DB56-E2B4-967C-AF9F-07FDF74289C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B5A2313-AE67-454E-9A8B-F74070E57F1B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2BFAB072-A3F3-0A97-6990-3673392B7DFC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D99FD34-F395-DFB0-0852-36D4976F6E3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2D9BB7B5-D27A-5907-A874-72E04FC719E8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30C5202D-2CDD-8C6D-6CD3-86CBAC73988B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{30E36B0A-CA1D-18E7-7FD2-9BA91D4D1710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{32587655-ECC2-9311-95C4-B841B07B7A99} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3507B32F-B4F9-0B6B-5168-A74196010FA0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{35E34195-6EC7-9FF7-74E1-8DBD6B07E389} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36846EB6-C1B1-A145-B3CE-F5740FA22FF8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3684B1D1-C737-AA3A-00B8-83FE7FF3C058} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{36A41F9E-B433-C078-89AE-486D2624C972} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38BCC2CD-AF0A-EC41-D4CB-035F1C7378C9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38EA95B6-06DF-844E-6763-813A152D6F74} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3A1550DD-FD7B-8D6E-989A-49A66DF1433F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3B9E0A95-3EBA-124F-52D1-033C73734625} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3C2E0AC2-347B-07FF-761D-31083C460F98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3D1F3C37-49CA-66D3-9877-04375ADE521D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3E8AEA49-2882-96D1-D4B0-D1EA3E4EEFD2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{3F15B481-32E2-FE85-96FA-A8976289B4FD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{44A4F449-ADED-A513-8AE7-5A3DDF205F49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{452C15DF-936D-C8CB-B825-97DD4A210ABD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{47DA2122-90A1-597C-94D7-20963F392761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4822A81B-A35C-81CA-4B1E-595C44DF3F5E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4A8DADD4-5A25-4d41-8599-CB7458766220} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4AEDA6FC-6816-F03C-12F8-CDE056451F16} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4B3176F0-E32F-B010-C0D8-65FC118C3716} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4F69BB63-E16E-8258-44D4-7C0DCBCE7B70} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4F8E9FA5-37E2-683E-E18D-19AC6697532D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{4FCD2C21-6232-FD0F-36AA-4EFFC9284B2A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{50B9D537-5DB0-52B1-FF6F-ED6C70DA477E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{529D86BB-85DC-FC40-1699-BECC09038E95} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{52CA0FCE-F9E0-2125-6CA6-2627141A47E9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5345A51F-E5D0-5A0D-1418-A1C95C417E3C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{551764CC-ABCF-335C-76F6-62283B478A0F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5735BB6F-7A93-49E1-B628-ABB60DAA5F0B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{57CEBAAD-4565-C660-5FAF-624E13DBE3B7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{595B569B-A80C-DEE4-5AE6-7AF21D2B6F17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5B7E5C2F-7668-51A3-BA8C-F6B376755AF9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5C2B2D9C-60FC-5F4C-5894-68EB7DFA3935} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5DA6CA48-7D98-BC0B-40EF-22AC6558668A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5E60DAD4-D59A-D1EA-A0B3-BD226EE43523} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F32646E-6D3E-257C-2369-EFD1A3A012F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F4B11A7-C0A8-0B95-8741-481C8B0029E3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5F574346-A206-D78A-7149-4C709D5204A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{602C9652-36AF-DEC5-DE23-DB34295B6BA5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{61682029-A490-5C49-D9FD-682FB2DA97AF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{63DCBFC8-9F1C-3DA5-A957-E5BCF32589B1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{649B251D-07E9-0535-631A-53E906788E91} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{651214D8-15FD-F7BB-3AF2-BA7967C08710} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{65D75D06-7395-6352-09CD-E13B9059EFE9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66DEB589-B6D4-E95E-2E36-26287464CD11} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{66F47DB1-18C4-9337-E85F-30B8B1DD594A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{676575DD-4D46-911D-8037-9B10D6EE8BB5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{677E5988-9E47-B4BE-8002-B86CEAD32154} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67D02480-710B-80D7-0624-27BB57B32CDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{68005AEB-2632-F033-B29F-EA21C446CA22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{69C2D4B0-CE91-AAB5-0BB5-4F75B848492D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6A389597-708B-6F9D-B6EC-8D1A3EC9DFAF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6A493714-8012-621E-A09E-CD80FF52FB1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6BE5CD97-C2FD-46BB-5C0A-9634487B916D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6C652E08-1C50-09D2-7DC8-0714DB258C39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6CA47B61-1DD6-B070-D315-13DD49C15A8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D012127-ABB2-BF82-D02A-24CBBD599720} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6D3DF846-86BE-A81E-C69E-5A1818F8E929} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6DDF3AF2-CB9D-199D-044C-9941E91E7CFF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EDB124C-8B12-ABA8-CA16-CEBAC7061ADE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{711A9B30-7E7F-8A69-144B-125A175F6EC7} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{71476230-0B89-E69D-D223-279F989C21BB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{714C2287-DB2D-3514-4785-8EC21BA5C5F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72071605-48F5-CC68-B374-2CDDF451F27F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{72877DD4-A7A3-8B9D-DEB7-F09CC0629D54} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{73A0FEF4-C4EC-89F0-F3BC-FE7F59AD1DBA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{742CF04D-EE46-1423-E899-B91C547ABC20} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{76321C6A-B800-93A4-24BB-B1F318D2A8E0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7680E416-7D05-25A0-B061-94CA15C1484C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7868EC16-8C67-1DBD-6D5A-EBB325881BD9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{78CA5367-0660-D7DE-5424-C4AD26542538} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{794DE92B-5B3E-DFB3-BD79-2505954D24D5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7A8EC00B-7964-C396-E2F8-621F6C9029FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7B28CC5E-5425-8989-13A1-2929DDA8CC5F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7C36455F-C2B4-5BC0-575A-253825413F0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7E2B347A-52AA-597F-9371-80822A8D1263} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8007F30A-ADD5-7E61-D29C-8F166BC8A3DD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{818D123D-B7CF-1169-DD32-2310AD262479} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{81AE8953-3335-A1BB-5174-F82625372B4E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8263BB7B-DDE9-23FF-589B-C8F6C675BE35} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{826D0369-102B-4A44-F27B-D9DCC50A8EE6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8424A742-21C5-E92B-D6A5-2B565D796258} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85E6B001-B482-61AE-78C6-6EAE60D74D00} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{85F1C7FC-7359-D6D5-C42B-F3E410DB4CAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{865E2CEC-DCDC-CF30-C932-8A491F233655} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8669ABB2-7410-3460-F449-E119DCA24CC4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{86B29A5F-CB91-3C3D-28A2-EDA38C1F28A8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8735EBDB-E5CE-D8EC-D853-7210E5BC2584} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{877DBFE0-6233-B1C4-8252-A4475BCF6DD2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A0FEDBB-3762-AEB7-E85E-6BCC16F76759} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A50C2FE-C00E-0C19-DC1A-BCABABE155C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8A75B9E2-7BAB-C3F7-4007-DCC3D24A9C47} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BB0647D-D9C2-CB7B-7651-2618BD82261B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8BBD3FEB-8F56-FA45-F83E-0589E7E09434} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8CD1D4D3-8260-44A7-67DD-A71E995AB77F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D01C3C9-547A-12EE-5401-4B29F8F98176} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8D1DF6CE-07E4-C211-83F6-537E054EDC98} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{8E883EC3-ABB5-0CD9-EC0A-78CB81A818D1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{929F8E8D-2C15-4240-E685-FA3C645381C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9320654E-9DD7-7B4E-FD11-BE169AC706F5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{932ECF21-1DCB-F962-4C70-56830E2BD255} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{96EEA21B-4AA3-4627-EA0A-176241DBD1A4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{97E37285-B9D3-035E-821F-3EBE4F849C3D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{98832348-0E38-D102-51A5-517934760119} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{99B1E639-DCA2-2C21-013F-DEF4B5729CA9} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9A711817-CADB-FD03-EBB1-4E2FC70601C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9B9D4A7D-1232-E364-432D-B58ECFAE5AF4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9C149FC6-86A5-C649-4760-9E20AC138BED} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9E2092B1-77DB-2A6A-A476-8BAA6CC65237} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9FF47B90-35D9-6F6F-3BC1-027BAA23833E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A0B249A8-05AF-32B0-992B-DB1CAFDEB3E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A167704A-0F01-8543-16A8-ECF3EBA5DC01} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A45C982E-5E8A-94C9-33A0-1F6E1789AC7E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A678B034-1492-1AC1-FF9B-636BC85F5643} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A72CAEB7-7E44-7941-564B-A741D28B01DB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A7D90935-7D8E-3E5D-9E71-486D629FCAAD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A9629E20-9B59-1F5F-58AE-E699D9122E1F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AAC06F6E-F261-4E44-CF1D-B1EA9712EF4B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABFF8236-DCBD-E17B-0A69-6FD85FA199FE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEADE211-1738-D170-94D4-88BB276E7B57} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AEDEFEF1-3732-630E-951F-1CBF02877CF3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF197E67-53B8-6C01-4733-3E7C25BA3A3B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{AF6BCC5C-38B1-5871-226C-AC6482380057} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B1169ABC-E367-2937-9F96-3B9CB54E0F31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B26E0DA6-7964-2B58-9B4B-94CBAA3AFF83} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B33C5B98-F4B9-B550-C81A-4EE9720874BF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B36D5282-D413-F545-CF79-A6CE970CFEBB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B5872D9A-BAAF-EE65-E0A0-6D49EFD1D166} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B595A235-53A2-27D5-EFF6-D0208801D071} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B6E89CAB-169D-C0D8-F8D0-4EB58B02ABAB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B7ABD257-6E0C-E7F0-26F5-0315127E44C2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BAA4A995-E881-38F6-1E95-AF9F2785FBB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BC0FE7F5-AD1D-A795-C683-F3EB54072EFE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCA18F7D-4CAB-D300-286E-432722FFB0FB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BCE50D6B-B3E6-30B9-72AB-14B60D86EB35} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD00AB82-F105-58F8-2B31-B600383177E6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BD757058-7180-2CE5-E5B6-8C70AEF236CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BE5DCDBC-54D3-95EA-B258-2D53BD817431} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{BFB13F83-4E3B-A3C3-D100-FEE3424CD9C0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C151BF9B-FE85-EC38-A53B-AE4D2044C94E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C21C6790-58A0-81BD-58F6-11EF55D9BADF} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2592E32-BC17-88BD-429F-D90632EDB3F1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C2FE095E-5BA7-FBC8-5387-2878C932A44F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C35C2F78-0E5E-F4AA-FD24-04CC74056392} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C39816D8-BA82-0890-929F-D27B4B0A27F0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C3CBD491-14A8-F1D3-52CC-F2038BD5FDDE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C436BE04-B80F-3F1B-B592-67B6C8C95688} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C53D27E6-2A68-7CD9-A09F-541EF27B2319} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C54510FE-72AA-27FF-1198-0CC47906F451} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C6986041-AF54-9AEF-5EA0-8C5C69D8DEB3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C75B8795-6012-883F-06EE-5F1501763CFE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C81EDEFC-5AB9-55D2-CDED-3C677E07B4E6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C881C594-6F3E-F3F1-EA4B-72C7CEA3E7DB} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C927A651-6768-ED9E-C3ED-CBD9A6CF4B22} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{C9368290-DE0B-80FF-0E2D-8933F6CA1A46} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAF35453-A9AB-61D6-E032-1F6CE85168F3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CAFF6042-9822-36A6-4764-C0BF5E59EF31} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CBD8F541-0C17-2308-CE59-19ACBB1E7CB6} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CC6A9DFF-521F-7DD3-E624-B30C0B9FF83A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CDEC09E6-8009-FC50-5FF8-83F317343213} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D02510A9-69A7-24D5-85DA-D3EC8E911C73} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D063E7A9-F6B2-80F8-44B2-F8210FDEDF67} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D0EFC5AD-B041-13C1-482F-CF46EFEFF6C3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D27DD7B4-A72B-4B66-2BD3-262B793A3C2C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D377FF80-B093-7377-D7F1-2D8792CCF322} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D3E61C7F-BD83-EA01-13F4-464C2595C096} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D4451521-F203-568E-2657-C5AD1F0B1F77} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D446D353-2612-B1DE-AEAC-943143F318FA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D605EAFF-2C3A-4619-43C1-4FFB062F68DE} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6C7DB36-C0AC-C91F-B408-61A55E5AB6C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D75897AF-4779-FE93-0121-038FA5AA18C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D7B5394E-D013-3545-35D0-45376236A8DC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D83F0117-C7D8-20AF-2100-FD548A73684C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D847DBFE-4EE2-AF6C-D202-0D9795B9D820} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D85FBAA5-5F33-6173-D800-EFD4E38AE63E} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DA78BE1D-07FE-B346-204E-C738DF8C7F8D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DABFF8C3-DF48-F11C-290D-D7CD732B35CC} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DCBA986D-47CE-1474-2CC9-32D4B1DC8A6C} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DD25AEF3-3DC7-625D-F3C6-DE10B7C6BF82} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE064CF5-809E-A243-CC14-F5427E5967A1} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DE2D7676-D3B6-1EDB-60CA-DA72D6F9B006} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7066E9-8EE8-8682-F43E-2BF8E7E7D760} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF7346F5-4EB1-7F19-9320-5E86CBCBDA80} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DF74F87A-B7C0-F480-1D25-D81A257B3152} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{DFC94122-75A0-85E3-3738-430A8B983C39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E36A99D7-088F-A5E8-1BA4-87116D938D49} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E404F826-ABE4-D856-61BA-BCBD539933F8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5C23746-741A-FEC7-C517-86E204C95729} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E5E59618-FEBB-174D-3A09-E2EF1B2CDA17} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E63E927A-86D0-9904-89A5-12291C12FD61} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E647591B-D33E-72B8-A7F0-9D55C2A7369D} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E65FC41A-89B3-21B7-1EB6-E92DA3645370} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{E8C74323-6EAC-41DF-4232-E6575DCCE375} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAB9C89C-A224-B071-97DC-24A78995DD29} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EAC3A0EF-0931-C087-DD54-10E2CE664097} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EBB942DD-6CAD-83C9-BB7A-1A229122535B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ECEAF197-B6EF-9E38-0846-FF3BB03983AD} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EDB7FF48-2CC7-7131-A993-53C8F83DD550} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF0E2DA9-45A3-A38E-FA6A-8A14544A8BE4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF24BEB1-9592-9F8F-4B29-99399FD2C231} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EF4CB83E-BEF0-2DE3-F01E-55D0127FF3EA} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{EFF18EAC-64BF-91FF-8F1B-42B57350D99F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F065E398-2ACB-9034-8B2A-28A827FF521F} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F2255AF4-092C-0BF6-52CF-8484B194FCC4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F317424C-8ECC-86C7-5E5B-7AA1BD81D1C4} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3267BA7-14CC-4368-6BFC-E59341D01507} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3DD5740-8C65-5FF3-1225-F170898543B8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7B868F8-EA98-86A3-D29E-5BCE94E2DD6A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F7DFCD4F-46CD-BDA8-264C-0A68205F4979} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F80F0D50-2D6C-75C3-606A-3DFE0F4FC5D0} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F99D5FC9-1F47-B6F5-F1D5-55AFEAD2853A} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA986CDE-0FA2-33A9-ECFD-8291DFA81985} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FB277F1B-89B6-A114-DD01-EC507A933F39} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FBA372DA-732C-2096-07DB-AA0E71833D10} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC5F30D8-4A16-B1C4-CFF8-EE955DFA16A2} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC92C3DE-F786-C2A4-4565-359ECF140E14} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC955BB2-DAA2-E394-1DD3-E8A207B823A6} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FCEBB27B-4E18-DA71-68DF-31397091EAF8} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FDEDD1BB-EE5D-1AF2-C50B-11681C5E2A93} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreenSaver Manager -> Spyware.LZIO : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW -> Spyware.CoolWebSearch : Cleaned with backup
HKU\.DEFAULT\Software\sais -> Spyware.180Solutions : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Adverts -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{90C61707-C8F8-43DB-A25C-C1F4B18EE41E} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Internet Explorer\Explorer Bars\{EDC4193F-34AD-4D07-AA87-E3FDB89E3E76} -> Spyware.CometCursor : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{045AE71F-801F-4A71-C593-6529CE594056} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0B58BEF4-C0D5-53BA-4F75-D23E40367540} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1C395BB5-EAC0-004E-6D1B-CC6785CD9DE5} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1F0D6B1F-FEEB-261C-BE3C-F6F797F1D166} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{22C0D6EC-0DEF-83C0-2433-5AE91234F546} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27D7BC22-F101-E351-8F6E-1B9CE9ECDD9C} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C874D56-A88C-3E88-B23F-99BEE8C67943} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32587655-ECC2-9311-95C4-B841B07B7A99} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{337E0629-2148-2599-602E-569DE2D76764} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36672DD6-0E2A-B9F7-1ADF-58AE711BE2D3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{407FFCD2-654F-817E-A2EE-B535B9FBC95D} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44FA143F-05A1-A796-536B-363BB7DC977C} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{463E57CB-CFC3-B5A2-1166-CBFF75AD1B9E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4DAC7D8D-9C1A-3965-E63E-6CDFBCD1EB33} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5924C00A-80E3-71E7-FA17-AEE58A1B0A00} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5AEDA511-0157-5F17-AC3D-A3D8D05DFE0C} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{61729E45-8F32-7D9A-9D6D-03684AA204D4} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{626886F5-0E40-2626-FD2B-6A22AEACA6C6} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{649B251D-07E9-0535-631A-53E906788E91} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{66F47DB1-18C4-9337-E85F-30B8B1DD594A} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CA47B61-1DD6-B070-D315-13DD49C15A8A} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6CC8D4EF-FD23-1704-8A80-7AE8362432D7} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6EE714D9-32A7-986A-B54E-A994F454EDD3} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F8FA771-74ED-EABB-5DE2-9E2B3143177C} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{711A9B30-7E7F-8A69-144B-125A175F6EC7} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7394CC45-E29E-AC0B-19B4-FA1B376B3209} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{80DBFE15-2B1E-955B-81BD-BFC8BC93168F} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C71E7E1-BD83-36A9-1144-F1D55AF23F0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97FD03BF-2223-5BCC-0213-A97E0706011D} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9AC37E11-63C7-D3E6-8EAE-1319DCCFBDC1} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9B936827-936D-A301-874F-BB34B7DB33C5} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9E146D60-4062-8C7C-D33B-14CDCD0418AE} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A175DFD6-96F2-00DD-ACA4-626F71F56520} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A692FF9A-5879-5C99-6791-53A31CA19934} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2561711-375A-C5C2-DBF9-4F87C6CDEC0E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B279D474-B064-DCC7-5638-6B0E0A96537C} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6A141A0-7C37-BFD5-BB25-3B2FEC5086FB} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B81896EA-E0AA-92AA-BF67-14B1C8C5A7E4} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B9D90B27-AD4A-413A-88CB-3E6DDC10DC2D} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BCB07B6E-BEFE-ADD4-7CEB-728FF235B841} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C0D758C7-1C71-33ED-7FF0-291D089BAD31} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CBD8F541-0C17-2308-CE59-19ACBB1E7CB6} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E7CCE3-E897-0FF8-81D6-3F27EA1CA24E} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DAC63EBB-1C44-604E-9716-DEFEB9E0B262} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E121C209-BF6B-57D4-6C7F-D3C2E3BE436E} -> Spyware.MidAddle : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E5AEC6A2-E0DA-BCCF-46E8-C8D57F1BAB09} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF0E2DA9-45A3-A38E-FA6A-8A14544A8BE4} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F032F043-EDA1-57B1-CD1D-20AEBAA824CB} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F29410C9-B2AD-CEAB-4F52-9AADB08954D1} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-3824200112-1257558753-3126012283-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3DD5740-8C65-5FF3-1225-F170898543B8} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-18\Software\sais -> Spyware.180Solutions : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.27:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.57:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.65:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.66:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.72:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
:mozilla.74:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.78:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.80:C:\Documents and Settings\Justin\Application Data\Mozilla\Firefox\Profiles\ocxw55tf.Justin\cookies.txt -> Spy
  • 0

#6
jcpainter13
Posted 08 December 2005 - 07:53 PM

jcpainter13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Logfile of HijackThis v1.99.1
Scan saved at 8:53:21 PM, on 12/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
C:\PROGRA~1\MUSICM~1\Common\COMPON~1\MMCOMP~1.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\LxrJD31s.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Justin\Local Settings\Temp\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\RunServices: [strtas] lockx.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Startup: Clean Access Agent.lnk = C:\Program Files\Cisco Systems\Clean Access Agent\CCAAgent.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Lexar JD31 (LxrJD31s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrJD31s.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
  • 0

#7
jcpainter13
Posted 08 December 2005 - 07:54 PM

jcpainter13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
MY computer is running alot better espcially when i play games on-line! Thanks alot!
  • 0

#8
loophole
Posted 08 December 2005 - 08:17 PM

loophole

    Malware Expert

  • Retired Staff
  • 9,798 posts
Just a step or two to go but nothing like that first step :tazz:

Please download LQfix.exe from one of the following locations:
  • http://www.downloads.subratam.org/LQfix.exe
    http://miekiemoes.geekstogo.com/tools/LQfix.exe

  • Save it to your desktop.
  • Double-Click LQfix.exe and click Next > Next > Install.
  • Leave the default settings, if you change them, the fix will Fail!
  • You need an active Internet Connection, so make sure your you're not blocking any connection now.
  • Now make sure the "Launch LQfix" box is checked.
  • Click the Finish button, after clicking the Finish button the fix will start.
  • Follow the on-screen prompts.
  • Your system will reboot afterwards.
  • Please be patient after the reboot, there is a script running in the background that needs to complete.
Then do a scan with HiJackThis and post a new log by using Add Reply
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP