Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware isnt working,recycle bin errors[RESOLVED]


  • This topic is locked This topic is locked

#16
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

Advertisements


#17
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Here is my most recent hijack this log......

Sorry to be a pest, i'm just freakin out....

RK

Logfile of HijackThis v1.99.0
Scan saved at 11:27:57 PM, on 2/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\MSNGMSNGR32.EXE
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\tibs3.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\tmpf01.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - HKCU\..\RunOnce: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - Startup: winupdate76141074[1].exe
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#18
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

Download the Pocket KillBox
Unzip the files to your desktop. Don’t run it yet

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu will come up where you can choose to enter Safe Mode.


Please set your system to show all files; see here for how to do this if you're unsure.

Close all programs down, leaving only HijackThis running.
Place a check against the following items:


O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O4 - HKLM\..\Run: [Systems Restart] Rundll32.exe snim.dll, DllRegisterServer
O4 - HKLM\..\Run: [tibs3] C:\WINDOWS\System32\tibs3.exe
O4 - Startup: winupdate76141074[1].exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll
O18 - Filter: text/plain - {B72F75B8-93F3-429D-B13E-660B206D897A} - C:\WINDOWS\System32\snim.dll


Click on Fix Checked and exit HijackThis.

Using Windows Explorer, locate the following files/folders, and delete them:

C:\WINDOWS\System32\MSNGMSNGR32.EXE <--Delete this file
C:\WINDOWS\System32\ tibs3.exe<--Delete this file
C:\PROGRA~1\ AWS\WEATHE~1\Weather.EXE<--Delete this whole folder
C:\WINDOWS\System32\ tmpf01.exe[color]<--delete this file
C:\WINDOWS\System32\ [color=blue]snim.dll
<--Delete this file
Startup: [color=blue]winupdate76141074[1].exe[/color]<--Delete this file

Exit Explorer

Run KillBox.exe.

Select the Delete on Reboot option.
In the Full Path of File to Delete field paste this path and click the red circle with the white X in it, when it asks you to reboot, click No.
[color=blue]C:\WINDOWS\System32\snim.dll[/color]

Close killbox

[b]Reboot[/b[ your PC

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

#19
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, pfwwewww, finally a complete process i was able to get all the way through. Sweetness! Well here is my new hijack....

Logfile of HijackThis v1.99.0
Scan saved at 10:48:08 AM, on 2/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\open32.exe
C:\WINDOWS\System32\RUNDLL32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



Thank You,

RK :tazz:
  • 0

#20
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

It is looking better just a little bit more to remove ;)

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O18 - Filter: text/html - {B72F75B8-93F3-429D-B13E-660B206D897A} - (no file)


Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

open32.exe
C:\WINDOWS\System32\mszx23.exe !!
open32.exe


Exit Explorer, and reboot as normal afterwards.

Use killbox again Delete this C:\WINDOWS\System32\mszx23.exe

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

#21
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, here is my new hijack... Also, do you know what the "CoolWebSearch" is because that is the type of thing that isn't being removed from my computer... And also there are pop ups that keep happening with the title "horseserver" thanks for all your help

RK :tazz:


Logfile of HijackThis v1.99.0
Scan saved at 11:55:15 PM, on 2/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#22
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

Hey KC, pfwwewww, finally a complete process i was able to get all the way through. Sweetness! Well here is my new hijack....

Please set your system to show all files; see here for how to do this if you're unsure.

Close all programs down, leaving only HijackThis running.
Place a check against the following items:

O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: Explorer Class - {962F12AE-2773-4BEB-99EA-B5C3AB9A6606} - C:\WINDOWS\System32\DSMANA~1.DLL
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O4 - HKLM\..\Run: [Shell] open32.exe
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O4 - HKLM\..\Run: [Microsoft Instant Messenger] MSNGMSNGR32.EXE
rouge malware

Click on Fix Checked and exit HijackThis.

Reboot into Safe Mode: see here if you don't know how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:

open32.exe
C:\WINDOWS\System32\mszx23.exe !!
C:\WINDOWS\System32\DSMANA~1.DLL
MSNGMSNGR32.exe
open32.exe


Exit Explorer, and reboot as normal afterwards.

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

#23
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Couple problems, on the hijack list, there is no O4 - HKLM\..\Run: [secboot]
C:\WINDOWS\System32\mszx23.exe !! and then also in safe mode, i was not
able to locate the file C:\WINDOWS\System32\DSMANA~1.DLL
MSNGMSNGR32.exe .... but here is my new hijack, thanks

Logfile of HijackThis v1.99.0
Scan saved at 1:06:59 PM, on 2/16/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
  • 0

#24
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK


Close all programs down, leaving only HijackThis running.
Place a check against the following items:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)


Click on Fix Checked and exit HijackThis.

reboot your PC

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

#25
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, here ya go....

Logfile of HijackThis v1.99.0
Scan saved at 8:05:39 PM, on 2/17/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\FinePixViewer\QuickDCF.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Ryan\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://channels.aimt.../aimtoolbar.jsp
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\PROGRA~1\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Weather] C:\PROGRA~1\AWS\WEATHE~1\Weather.EXE 1
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Exif Launcher.lnk = C:\Program Files\FinePixViewer\QuickDCF.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: Yahoo! Cribbage - http://download.game...nts/y/it1_x.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec....sa/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.napster.c...ient/isetup.cab
O16 - DPF: {BAC01377-73DD-4796-854D-2A8997E3D68A} (Yahoo! Photos Easy Upload Tool Class) - http://us.dl1.yimg.c...ropper1_4us.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe



thanks,

RK
  • 0

Advertisements


#26
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

Please update HijackThis v 1.99.1

Hi there,
The following are mandatory fixes:
Close all programs down, leaving only HijackThis running.
Place a check against the following items:

O2 - BHO: (no name) - {2D23730E-6827-5846-65B0-E611B410EB9A} - (no file)
O2 - BHO: (no name) - {7B8022BB-0189-F639-B02D-0862B9CC1974} - (no file)
O2 - BHO: (no name) - {D5F4DF72-1207-5B6E-C6FF-661CB246C513} - (no file)
O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!


Click on Fix Checked and exit HijackThis.


How to take ownership of a file or folder in Windows XP

Restart into Safe mode and find this file:
C:\WINDOWS\System32\ mszx23.exe
Right click on the file and choose properties.
Use the security tab on .dll and take ownership.
Change the 'everyone special' to
'you> with Admin rights-> FULL control
Then try to delete it, if that fails try to rename
it first to different name+ext.
Example:
ctl.dll>bleh.txt
bleh.txt > badfile.111

Once you have successfully deleted the file restart into Regular Windows mode.

Post back a fresh HijackThis log and we'll take another look.

Kc :tazz:
  • 0

#27
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, here's my problems, the file: O4 - HKLM\..\Run: [secboot] C:\WINDOWS\System32\mszx23.exe !!, is not showing up on the hijack this log for me to place a check by it and fix it. All three of the other files are showing up. What do I do?

RK
  • 0

#28
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, i know i just posted a reply, but i just got the update from ad-aware and my "CoolWebSearch" is getting out of hand... There was close to 60 forms of it on my computer. This is big but check out my ad-aware log....


Ad-Aware SE Build 1.05
Logfile Created on:Friday, February 18, 2005 4:25:34 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R28 16.02.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
CoolWebSearch(TAC index:10):75 total references
MRU List(TAC index:0):14 total references
Other(TAC index:5):1 total references
TIB Browser(TAC index:4):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


2-18-2005 4:25:34 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


MRU List Object Recognized!
Location: : S-1-5-21-436374069-1202660629-682003330-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : C:\Documents and Settings\Ryan\recent
Description : list of recently opened documents


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 460
ThreadCreationTime : 2-18-2005 4:05:08 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 640
ThreadCreationTime : 2-18-2005 4:05:11 AM
BasePriority : Normal


#:3 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 708
ThreadCreationTime : 2-18-2005 4:05:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 2-18-2005 4:05:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 908
ThreadCreationTime : 2-18-2005 4:05:11 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 988
ThreadCreationTime : 2-18-2005 4:05:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1184
ThreadCreationTime : 2-18-2005 4:05:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1252
ThreadCreationTime : 2-18-2005 4:05:12 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1368
ThreadCreationTime : 2-18-2005 4:05:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:10 [itouch.exe]
FilePath : C:\Program Files\Logitech\iTouch\
ProcessID : 1720
ThreadCreationTime : 2-18-2005 4:05:16 AM
BasePriority : Normal
FileVersion : 2.15.264
ProductVersion : 2.15.264
ProductName : iTouch
CompanyName : Logitech Inc.
FileDescription : iTouch Application
InternalName : iTouch
LegalCopyright : © 1998-2002 Logitech. All rights reserved.
LegalTrademarks : Logitech® and iTouch® are registered trademarks of Logitech Inc.
OriginalFilename : iTouch.exe
Comments : Created by the iTouch team

#:11 [mmtask.exe]
FilePath : C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\
ProcessID : 1736
ThreadCreationTime : 2-18-2005 4:05:16 AM
BasePriority : Normal
FileVersion : 1.0.0.1
ProductVersion : 1.0.0.1
ProductName : TODO: <Product name>
CompanyName : TODO: <Company name>
FileDescription : TODO: <File description>
InternalName : mmtask.exe
LegalCopyright : TODO: © <Company name>. All rights reserved.
OriginalFilename : mmtask.exe

#:12 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 1812
ThreadCreationTime : 2-18-2005 4:05:16 AM
BasePriority : Normal
FileVersion : 0.1.0.3208
ProductVersion : 0.1.0.3208
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2004
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:13 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1832
ThreadCreationTime : 2-18-2005 4:05:17 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:14 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1852
ThreadCreationTime : 2-18-2005 4:05:17 AM
BasePriority : Normal
FileVersion : 6.5.1
ProductVersion : QuickTime 6.5.1
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:15 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1896
ThreadCreationTime : 2-18-2005 4:05:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:16 [quickdcf.exe]
FilePath : C:\Program Files\FinePixViewer\
ProcessID : 1940
ThreadCreationTime : 2-18-2005 4:05:17 AM
BasePriority : Normal
FileVersion : 3, 0, 0, 0
ProductVersion : 3, 0, 0, 0
ProductName : FinePixViewer
CompanyName : FUJI PHOTO FILM CO., LTD.
FileDescription : Exif Launcher
InternalName : QuickDCF
LegalCopyright : Copyright 2000-2002 FUJI PHOTO FILM CO.,LTD.
OriginalFilename : QuickDCF.exe

#:17 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 224
ThreadCreationTime : 2-18-2005 4:05:20 AM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:18 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 332
ThreadCreationTime : 2-18-2005 4:05:20 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:19 [wdfmgr.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 352
ThreadCreationTime : 2-18-2005 4:05:20 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:20 [mspmspsv.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 540
ThreadCreationTime : 2-18-2005 4:05:23 AM
BasePriority : Normal
FileVersion : 7.00.00.1956
ProductVersion : 7.00.00.1956
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:21 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 628
ThreadCreationTime : 2-18-2005 4:05:27 AM
BasePriority : Normal
FileVersion : 4.6.0.15
ProductVersion : 4.6.0.15
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2004 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:22 [tmpf01.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1668
ThreadCreationTime : 2-18-2005 5:02:22 AM
BasePriority : Normal


#:23 [regsvr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4088
ThreadCreationTime : 2-18-2005 6:17:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:24 [regsvr32.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2208
ThreadCreationTime : 2-18-2005 11:42:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.0 (XPClient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Microsoft© Register Server
InternalName : REGSVR32
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : REGSVR32.EXE

#:25 [tibs3.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2644
ThreadCreationTime : 2-18-2005 11:42:54 PM
BasePriority : Normal


#:26 [aim.exe]
FilePath : C:\Program Files\AIM\
ProcessID : 3900
ThreadCreationTime : 2-18-2005 11:55:01 PM
BasePriority : Normal
FileVersion : 5.9.3702
ProductVersion : 5.9.3702
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:27 [ares.exe]
FilePath : C:\Program Files\Ares\
ProcessID : 3588
ThreadCreationTime : 2-19-2005 12:12:01 AM
BasePriority : Normal
FileVersion : 1.8.1.2949
ProductVersion : 1.8.1
ProductName : Ares for windows
CompanyName : Ares Development Group
FileDescription : Ares
InternalName : Ares
OriginalFilename : ARES.EXE
Comments : http://www.aresgalaxy.org

#:28 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 2948
ThreadCreationTime : 2-19-2005 12:24:51 AM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 14


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b72f75b8-93f3-429d-b13e-660b206d897a}

CoolWebSearch Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\best search engine!!!

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\best search engine!!!
Value : DisplayName

CoolWebSearch Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\uninstall\best search engine!!!
Value : UninstallString

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_USERS
Object : S-1-5-21-436374069-1202660629-682003330-1004\software\websiteviewer

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 19


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 19



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CoolWebSearch Object Recognized!
Type : File
Data : 0708B1E8-86F3-4D30-A781-776A65
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\6C471E16-0D3A-45A5-AB72-C52F74\



CoolWebSearch Object Recognized!
Type : File
Data : F82A25E5-C255-4FE4-AAE8-39A3C7
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\6C471E16-0D3A-45A5-AB72-C52F74\



CoolWebSearch Object Recognized!
Type : File
Data : 65771ABA-6E2C-4730-8C2C-739739
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\821029D1-A7B2-479A-BB2B-84B0C7\



CoolWebSearch Object Recognized!
Type : File
Data : 255C4422-E780-4E0C-BD0C-4198E1
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\841CCFAE-8336-4EFF-96CB-68832F\



CoolWebSearch Object Recognized!
Type : File
Data : 1F128600-E2A8-404B-A4DB-CE3FAD
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\92980F0E-F808-4C06-9DF7-0402F2\



CoolWebSearch Object Recognized!
Type : File
Data : BC7F98C5-701F-41D0-B21D-421373
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\B2EBA1DC-5481-4102-8831-A8BECD\



CoolWebSearch Object Recognized!
Type : File
Data : 1C849427-0525-4478-9772-F10014
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\C89EA096-5787-416C-BEAB-2FD965\



CoolWebSearch Object Recognized!
Type : File
Data : EFBAD094-1F67-4C00-9BBE-2843C6
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\E2246274-0852-417C-A5D9-1F2837\



CoolWebSearch Object Recognized!
Type : File
Data : 553D6A3B-8895-4EE4-9D13-39365F
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\F2AF6EB3-A051-4F48-B5D8-EC1CE2\



CoolWebSearch Object Recognized!
Type : File
Data : FBE7922E-8547-419B-845D-C8254F
Category : Malware
Comment :
Object : C:\Program Files\Microsoft AntiSpyware\Quarantine\F2AF6EB3-A051-4F48-B5D8-EC1CE2\



CoolWebSearch Object Recognized!
Type : File
Data : A0070617.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP631\



CoolWebSearch Object Recognized!
Type : File
Data : A0070618.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP631\



CoolWebSearch Object Recognized!
Type : File
Data : A0071380.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP632\



CoolWebSearch Object Recognized!
Type : File
Data : A0071389.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP632\



CoolWebSearch Object Recognized!
Type : File
Data : A0071862.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP634\



CoolWebSearch Object Recognized!
Type : File
Data : A0071863.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP634\



CoolWebSearch Object Recognized!
Type : File
Data : A0071876.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP634\



CoolWebSearch Object Recognized!
Type : File
Data : A0071877.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP634\



CoolWebSearch Object Recognized!
Type : File
Data : A0073248.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP638\



CoolWebSearch Object Recognized!
Type : File
Data : A0073270.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP638\



CoolWebSearch Object Recognized!
Type : File
Data : A0073271.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP638\



CoolWebSearch Object Recognized!
Type : File
Data : A0073399.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP640\



CoolWebSearch Object Recognized!
Type : File
Data : A0073401.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP640\



CoolWebSearch Object Recognized!
Type : File
Data : A0073441.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP640\



CoolWebSearch Object Recognized!
Type : File
Data : A0073442.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP640\



CoolWebSearch Object Recognized!
Type : File
Data : A0073446.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP641\



CoolWebSearch Object Recognized!
Type : File
Data : A0073447.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP641\



CoolWebSearch Object Recognized!
Type : File
Data : A0073498.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\



CoolWebSearch Object Recognized!
Type : File
Data : A0073499.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-10.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-11.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-3.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-4.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-5.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-6.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-7.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-8.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-9.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP642\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : A0073546.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP643\



CoolWebSearch Object Recognized!
Type : File
Data : A0073547.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP643\



CoolWebSearch Object Recognized!
Type : File
Data : A0073561.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\



CoolWebSearch Object Recognized!
Type : File
Data : A0073562.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-1.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-11.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-2.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-3.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-4.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-5.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-6.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-7.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-9.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP644\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : A0073648.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP646\



CoolWebSearch Object Recognized!
Type : File
Data : A0073678.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP646\



CoolWebSearch Object Recognized!
Type : File
Data : A0073691.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP646\



CoolWebSearch Object Recognized!
Type : File
Data : A0073692.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP646\



CoolWebSearch Object Recognized!
Type : File
Data : A0073698.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\



CoolWebSearch Object Recognized!
Type : File
Data : A0073702.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-1.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-10.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-11.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-12.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-2.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-3.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-4.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-5.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-6.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-7.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-8.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : MFEX-9.DAT
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP647\snapshot\



CoolWebSearch Object Recognized!
Type : File
Data : A0073757.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP649\



CoolWebSearch Object Recognized!
Type : File
Data : A0073761.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{A7C39371-890C-4D87-96B8-AD0090550670}\RP649\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 90


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
12 entries scanned.
New critical objects:0
Objects found so far: 90




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

TIB Browser Object Recognized!
Type : Regkey
Data :
Category : Dialer
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\websiteviewer

TIB Browser Object Recognized!
Type : File
Data : tibs3.exe
Category : Dialer
Comment :
Object : C:\WINDOWS\System32\



Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 3
Objects found so far: 93

4:33:22 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:07:47.985
Objects scanned:131087
Objects identified:79
Objects ignored:0
New critical objects:79

Thanks
  • 0

#29
Guest_thatman_*

Guest_thatman_*
  • Guest
Hi RollWithAK

The L2mfix has been updated Please download the new update

You have the latest version of VX2. Download L2mfix from one of these two locations:

http://www.atribune....oads/l2mfix.exe
http://www.downloads....org/l2mfix.exe

Save the file to your desktop and double click l2mfix.exe. Click the Install button to extract the files and follow the prompts, then open the newly added l2mfix folder on your desktop. Double click l2mfix.bat and select option #1 for Run Find Log by typing 1 and then pressing enter. This will scan your computer and it may appear nothing is happening, then, after a minute or 2, notepad will open with a log. Copy the contents of that log and paste it into this thread.

IMPORTANT: Do NOT run option #2 OR any other files in the l2mfix folder until you are asked to do so!

kc :tazz:
  • 0

#30
RollWithAK

RollWithAK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 70 posts
Hey KC, sorry for my absence the past few days... But here is the requested information...

L2MFIX find log 1.02b
These are the registry keys present
**********************************************************************************
Winlogon/notify:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,64,00,6c,00,\
6c,00,00,00
"Logoff"="ChainWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet]
"Asynchronous"=dword:00000000
"Impersonate"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,6e,00,65,00,74,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Logoff"="CryptnetWlxLogoffEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll]
"DLLName"="cscdll.dll"
"Logon"="WinlogonLogonEvent"
"Logoff"="WinlogonLogoffEvent"
"ScreenSaver"="WinlogonScreenSaverEvent"
"Startup"="WinlogonStartupEvent"
"Shutdown"="WinlogonShutdownEvent"
"StartShell"="WinlogonStartShellEvent"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\drct16]
"DllName"=hex(2):64,00,72,00,63,00,74,00,31,00,36,00,2e,00,64,00,6c,00,6c,00,\
00,00
"Startup"="MeMessager"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001
"MaxWait"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
@=""
"DLLName"="igfxsrvc.dll"
"Asynchronous"=dword:00000001
"Impersonate"=dword:00000001
"Unlock"="WinlogonUnlockEvent"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp]
"DLLName"="wlnotify.dll"
"Logon"="SCardStartCertProp"
"Logoff"="SCardStopCertProp"
"Lock"="SCardSuspendCertProp"
"Unlock"="SCardResumeCertProp"
"Enabled"=dword:00000001
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"StartShell"="SchedStartShell"
"Logoff"="SchedEventLogOff"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy]
"Logoff"="WLEventLogoff"
"Impersonate"=dword:00000000
"Asynchronous"=dword:00000001
"DllName"=hex(2):73,00,63,00,6c,00,67,00,6e,00,74,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn]
"DLLName"="WlNotify.dll"
"Lock"="SensLockEvent"
"Logon"="SensLogonEvent"
"Logoff"="SensLogoffEvent"
"Safe"=dword:00000001
"MaxWait"=dword:00000258
"StartScreenSaver"="SensStartScreenSaverEvent"
"StopScreenSaver"="SensStopScreenSaverEvent"
"Startup"="SensStartupEvent"
"Shutdown"="SensShutdownEvent"
"StartShell"="SensStartShellEvent"
"PostShell"="SensPostShellEvent"
"Disconnect"="SensDisconnectEvent"
"Reconnect"="SensReconnectEvent"
"Unlock"="SensUnlockEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv]
"Asynchronous"=dword:00000000
"DllName"=hex(2):77,00,6c,00,6e,00,6f,00,74,00,69,00,66,00,79,00,2e,00,64,00,\
6c,00,6c,00,00,00
"Impersonate"=dword:00000000
"Logoff"="TSEventLogoff"
"Logon"="TSEventLogon"
"PostShell"="TSEventPostShell"
"Shutdown"="TSEventShutdown"
"StartShell"="TSEventStartShell"
"Startup"="TSEventStartup"
"MaxWait"=dword:00000258
"Reconnect"="TSEventReconnect"
"Disconnect"="TSEventDisconnect"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DLLName"="wlnotify.dll"
"Logon"="RegisterTicketExpiredNotificationEvent"
"Logoff"="UnregisterTicketExpiredNotificationEvent"
"Impersonate"=dword:00000001
"Asynchronous"=dword:00000001

**********************************************************************************
useragent:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]

**********************************************************************************
Shell Extension key:
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{00022613-0000-0000-C000-000000000046}"="Multimedia File Property Sheet"
"{176d6597-26d3-11d1-b350-080036a75b03}"="ICM Scanner Management"
"{1F2E5C40-9550-11CE-99D2-00AA006E086C}"="NTFS Security Page"
"{3EA48300-8CF6-101B-84FB-666CCB9BCD32}"="OLE Docfile Property Page"
"{40dd6e20-7c17-11ce-a804-00aa003ca9f6}"="Shell extensions for sharing"
"{41E300E0-78B6-11ce-849B-444553540000}"="PlusPack CPL Extension"
"{42071712-76d4-11d1-8b24-00a0c9068ff3}"="Display Adapter CPL Extension"
"{42071713-76d4-11d1-8b24-00a0c9068ff3}"="Display Monitor CPL Extension"
"{42071714-76d4-11d1-8b24-00a0c9068ff3}"="Display Panning CPL Extension"
"{4E40F770-369C-11d0-8922-00A024AB2DBB}"="DS Security Page"
"{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}"="Compatibility Page"
"{56117100-C0CD-101B-81E2-00AA004AE837}"="Shell Scrap DataHandler"
"{59099400-57FF-11CE-BD94-0020AF85B590}"="Disk Copy Extension"
"{59be4990-f85c-11ce-aff7-00aa003ca9f6}"="Shell extensions for Microsoft Windows Network objects"
"{5DB2625A-54DF-11D0-B6C4-0800091AA605}"="ICM Monitor Management"
"{675F097E-4C4D-11D0-B6C1-0800091AA605}"="ICM Printer Management"
"{764BF0E1-F219-11ce-972D-00AA00A14F56}"="Shell extensions for file compression"
"{77597368-7b15-11d0-a0c2-080036af3f03}"="Web Printer Shell Extension"
"{7988B573-EC89-11cf-9C00-00AA00A14F56}"="Disk Quota UI"
"{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA}"="Encryption Context Menu"
"{85BBD920-42A0-1069-A2E4-08002B30309D}"="Briefcase"
"{88895560-9AA2-1069-930E-00AA0030EBC8}"="HyperTerminal Icon Ext"
"{BD84B380-8CA2-1069-AB1D-08000948F534}"="Fonts"
"{DBCE2480-C732-101B-BE72-BA78E9AD5B27}"="ICC Profile"
"{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}"="Printers Security Page"
"{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"="Shell extensions for sharing"
"{f92e8c40-3d33-11d2-b1aa-080036a75b03}"="Display TroubleShoot CPL Extension"
"{7444C717-39BF-11D1-8CD9-00C04FC29D45}"="Crypto PKO Extension"
"{7444C719-39BF-11D1-8CD9-00C04FC29D45}"="Crypto Sign Extension"
"{7007ACC7-3202-11D1-AAD2-00805FC1270E}"="Network Connections"
"{992CFFA0-F557-101A-88EC-00DD010CCC48}"="Network Connections"
"{E211B736-43FD-11D1-9EFB-0000F8757FCD}"="Scanners & Cameras"
"{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}"="Scanners & Cameras"
"{905667aa-acd6-11d2-8080-00805f6596d2}"="Scanners & Cameras"
"{3F953603-1008-4f6e-A73A-04AAC7A992F1}"="Scanners & Cameras"
"{83bbcbf3-b28a-4919-a5aa-73027445d672}"="Scanners & Cameras"
"{F0152790-D56E-4445-850E-4F3117DB740C}"="Remote Sessions CPL Extension"
"{5F327514-6C5E-4d60-8F16-D07FA08A78ED}"="Auto Update Property Sheet Extension"
"{60254CA5-953B-11CF-8C96-00AA00B8708C}"="Shell extensions for Windows Script Host"
"{2206CDB2-19C1-11D1-89E0-00C04FD7A829}"="Microsoft Data Link"
"{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Icon Handler"
"{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}"="Tasks Folder Shell Extension"
"{D6277990-4C6A-11CF-8D87-00AA0060F5BF}"="Scheduled Tasks"
"{0DF44EAA-FF21-4412-828E-260A8728E7F1}"="Taskbar and Start Menu"
"{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}"="Search"
"{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}"="Help and Support"
"{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}"="Run..."
"{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}"="Internet"
"{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}"="E-mail"
"{D20EA4E1-3957-11d2-A40B-0C5020524152}"="Fonts"
"{D20EA4E1-3957-11d2-A40B-0C5020524153}"="Administrative Tools"
"{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}"="Audio Media Properties Handler"
"{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}"="Video Media Properties Handler"
"{E4B29F9D-D390-480b-92FD-7DDB47101D71}"="Wav Properties Handler"
"{87D62D94-71B3-4b9a-9489-5FE6850DC73E}"="Avi Properties Handler"
"{A6FD9E45-6E44-43f9-8644-08598F5A74D9}"="Midi Properties Handler"
"{c5a40261-cd64-4ccf-84cb-c394da41d590}"="Video Thumbnail Extractor"
"{5E6AB780-7743-11CF-A12B-00AA004AE837}"="Microsoft Internet Toolbar"
"{22BF0C20-6DA7-11D0-B373-00A0C9034938}"="Download Status"
"{91EA3F8B-C99B-11d0-9815-00C04FD91972}"="Augmented Shell Folder"
"{6413BA2C-B461-11d1-A18A-080036B11A03}"="Augmented Shell Folder 2"
"{F61FFEC1-754F-11d0-80CA-00AA005B4383}"="BandProxy"
"{7BA4C742-9E81-11CF-99D3-00AA004AE837}"="Microsoft BrowserBand"
"{30D02401-6A81-11d0-8274-00C04FD5AE38}"="Search Band"
"{32683183-48a0-441b-a342-7c2a440a9478}"="Media Band"
"{169A0691-8DF9-11d1-A1C4-00C04FD75D13}"="In-pane search"
"{07798131-AF23-11d1-9111-00A0C98BA67D}"="Web Search"
"{AF4F6510-F982-11d0-8595-00AA004CD6D8}"="Registry Tree Options Utility"
"{01E04581-4EEE-11d0-BFE9-00AA005B4383}"="&Address"
"{A08C11D2-A228-11d0-825B-00AA005B4383}"="Address EditBox"
"{00BB2763-6A77-11D0-A535-00C04FD7D062}"="Microsoft AutoComplete"
"{7376D660-C583-11d0-A3A5-00C04FD706EC}"="TridentImageExtractor"
"{6756A641-DE71-11d0-831B-00AA005B4383}"="MRU AutoComplete List"
"{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}"="Custom MRU AutoCompleted List"
"{7e653215-fa25-46bd-a339-34a2790f3cb7}"="Accessible"
"{acf35015-526e-4230-9596-becbe19f0ac9}"="Track Popup Bar"
"{E0E11A09-5CB8-4B6C-8332-E00720A168F2}"="Address Bar Parser"
"{00BB2764-6A77-11D0-A535-00C04FD7D062}"="Microsoft History AutoComplete List"
"{03C036F1-A186-11D0-824A-00AA005B4383}"="Microsoft Shell Folder AutoComplete List"
"{00BB2765-6A77-11D0-A535-00C04FD7D062}"="Microsoft Multiple AutoComplete List Container"
"{ECD4FC4E-521C-11D0-B792-00A0C90312E1}"="Shell Band Site Menu"
"{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}"="Shell DeskBarApp"
"{ECD4FC4C-521C-11D0-B792-00A0C90312E1}"="Shell DeskBar"
"{ECD4FC4D-521C-11D0-B792-00A0C90312E1}"="Shell Rebar BandSite"
"{DD313E04-FEFF-11d1-8ECD-0000F87A470C}"="User Assist"
"{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}"="Global Folder Settings"
"{EFA24E61-B078-11d0-89E4-00C04FC9E26E}"="Favorites Band"
"{0A89A860-D7B1-11CE-8350-444553540000}"="Shell Automation Inproc Service"
"{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}"="Shell DocObject Viewer"
"{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}"="Microsoft Browser Architecture"
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"="InternetShortcut"
"{3C374A40-BAE4-11CF-BF7D-00AA006946EE}"="Microsoft Url History Service"
"{FF393560-C2A7-11CF-BFF4-444553540000}"="History"
"{7BD29E00-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{7BD29E01-76C1-11CF-9DD0-00A0C9034933}"="Temporary Internet Files"
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"="Microsoft Url Search Hook"
"{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}"="IE4 Suite Splash Screen"
"{67EA19A0-CCEF-11d0-8024-00C04FD75D13}"="CDF Extension Copy Hook"
"{131A6951-7F78-11D0-A979-00C04FD705A2}"="ISFBand OC"
"{9461b922-3c5a-11d2-bf8b-00c04fb93661}"="Search Assistant OC"
"{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}"="The Internet"
"{871C5380-42A0-1069-A2EA-08002B30309D}"="Internet Name Space"
"{EFA24E64-B078-11d0-89E4-00C04FC9E26E}"="Explorer Band"
"{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}"="Sendmail service"
"{88C6C381-2E85-11D0-94DE-444553540000}"="ActiveX Cache Folder"
"{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"="WebCheck"
"{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}"="Subscription Mgr"
"{F5175861-2688-11d0-9C5E-00AA00A45957}"="Subscription Folder"
"{08165EA0-E946-11CF-9C87-00AA005127ED}"="WebCheckWebCrawler"
"{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}"="WebCheckChannelAgent"
"{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}"="TrayAgent"
"{7D559C10-9FE9-11d0-93F7-00AA0059CE02}"="Code Download Agent"
"{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}"="ConnectionAgent"
"{D8BD2030-6FC9-11D0-864F-00AA006809D9}"="PostAgent"
"{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}"="WebCheck SyncMgr Handler"
"{352EC2B7-8B9A-11D1-B8AE-006008059382}"="Shell Application Manager"
"{0B124F8F-91F0-11D1-B8B5-006008059382}"="Installed Apps Enumerator"
"{CFCCC7A0-A282-11D1-9082-006008059382}"="Darwin App Publisher"
"{e84fda7c-1d6a-45f6-b725-cb260c236066}"="Shell Image Verbs"
"{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}"="Shell Image Data Factory"
"{3F30C968-480A-4C6C-862D-EFC0897BB84B}"="GDI+ file thumbnail extractor"
"{9DBD2C50-62AD-11d0-B806-00C04FD706EC}"="Summary Info Thumbnail handler (DOCFILES)"
"{EAB841A0-9550-11cf-8C16-00805F1408F3}"="HTML Thumbnail Extractor"
"{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}"="Shell Image Property Handler"
"{CC6EEFFB-43F6-46c5-9619-51D571967F7D}"="Web Publishing Wizard"
"{add36aa8-751a-4579-a266-d66f5202ccbb}"="Print Ordering via the Web"
"{6b33163c-76a5-4b6c-bf21-45de9cd503a1}"="Shell Publishing Wizard Object"
"{58f1f272-9240-4f51-b6d4-fd63d1618591}"="Get a Passport Wizard"
"{7A9D77BD-5403-11d2-8785-2E0420524153}"="User Accounts"
"{BD472F60-27FA-11cf-B8B4-444553540000}"="Compressed (zipped) Folder Right Drag Handler"
"{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}"="Compressed (zipped) Folder SendTo Target"
"{f39a0dc0-9cc8-11d0-a599-00c04fd64433}"="Channel File"
"{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}"="Channel Shortcut"
"{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}"="Channel Handler Object"
"{f3da0dc0-9cc8-11d0-a599-00c04fd64437}"="Channel Menu"
"{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}"="Channel Properties"
"{63da6ec0-2e98-11cf-8d82-444553540000}"="FTP Folders Webview"
"{883373C3-BF89-11D1-BE35-080036B11A03}"="Microsoft DocProp Shell Ext"
"{A9CF0EAE-901A-4739-A481-E35B73E47F6D}"="Microsoft DocProp Inplace Edit Box Control"
"{8EE97210-FD1F-4B19-91DA-67914005F020}"="Microsoft DocProp Inplace ML Edit Box Control"
"{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}"="Microsoft DocProp Inplace Droplist Combo Control"
"{6A205B57-2567-4A2C-B881-F787FAB579A3}"="Microsoft DocProp Inplace Calendar Control"
"{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}"="Microsoft DocProp Inplace Time Control"
"{8A23E65E-31C2-11d0-891C-00A024AB2DBB}"="Directory Query UI"
"{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}"="Shell properties for a DS object"
"{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}"="Directory Object Find"
"{F020E586-5264-11d1-A532-0000F8757D7E}"="Directory Start/Search Find"
"{0D45D530-764B-11d0-A1CA-00AA00C16E65}"="Directory Property UI"
"{62AE1F9A-126A-11D0-A14B-0800361B1103}"="Directory Context Menu Verbs"
"{ECF03A33-103D-11d2-854D-006008059367}"="MyDocs Copy Hook"
"{ECF03A32-103D-11d2-854D-006008059367}"="MyDocs Drop Target"
"{4a7ded0a-ad25-11d0-98a8-0800361b1103}"="MyDocs Properties"
"{750fdf0e-2a26-11d1-a3ea-080036587f03}"="Offline Files Menu"
"{10CFC467-4392-11d2-8DB4-00C04FA31A66}"="Offline Files Folder Options"
"{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}"="Offline Files Folder"
"{143A62C8-C33B-11D1-84FE-00C04FA34A14}"="Microsoft Agent Character Property Sheet Handler"
"{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}"="DfsShell"
"{60fd46de-f830-4894-a628-6fa81bc0190d}"="%DESC_PublishDropTarget%"
"{7A80E4A8-8005-11D2-BCF8-00C04F72C717}"="MMC Icon Handler"
"{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}"=".CAB file viewer"
"{32714800-2E5F-11d0-8B85-00AA0044F941}"="For &People..."
"{8DD448E6-C188-4aed-AF92-44956194EB1F}"="Windows Media Player Play as Playlist Context Menu Handler"
"{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}"="Windows Media Player Burn Audio CD Context Menu Handler"
"{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}"="Windows Media Player Add to Playlist Context Menu Handler"
"{5CA3D70E-1895-11CF-8E15-001234567890}"="DriveLetterAccess"
"{BDEADF00-C265-11D0-BCED-00A0C90AB50F}"="Web Folders"
"{0006F045-0000-0000-C000-000000000046}"="Microsoft Outlook Custom Icon Handler"
"{42042206-2D85-11D3-8CFF-005004838597}"="Microsoft Office HTML Icon Handler"
"{32020A01-506E-484D-A2A8-BE3CF17601C3}"="AlcoholShellEx"
"{B1E741E7-1E77-40D4-9FD8-51949B9CCBD0}"="Pa&nicware Pop-Up Stopper Pro"
"{640167b4-59b0-47a6-b335-a6b3c0695aea}"="Portable Media Devices"
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}"="Portable Media Devices Menu"
"{E0D79304-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79305-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79306-84BE-11CE-9641-444553540000}"="WinZip"
"{E0D79307-84BE-11CE-9641-444553540000}"="WinZip"
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}"="Shell Extensions for RealOne Player"
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}"="WinRAR shell extension"

**********************************************************************************
HKEY ROOT CLASSIDS:
**********************************************************************************
Files Found are not all bad files:
Locate .tmp files:
**********************************************************************************
Directory Listing of system files:
Volume in drive C is DSK1_VOL1
Volume Serial Number is 00DC-E4A0

Directory of C:\WINDOWS\System32

02/13/2005 11:15 PM <DIR> dllcache
09/21/2004 09:31 PM 1,104 Ahm9.ev7
04/04/2003 11:27 AM <DIR> Microsoft
09/30/1999 06:21 PM 166,672 mstext35.dll
09/28/1999 08:42 PM 1,050,896 msjet35.dll
09/09/1999 09:06 PM 168,720 msltus35.dll
09/09/1999 09:06 PM 252,688 msexcl35.dll
08/25/1999 01:57 PM 415,504 msrepl35.dll
06/07/1999 05:59 PM 250,128 mspdox35.dll
04/25/1999 04:00 PM 287,504 Msxbse35.dll
8 File(s) 2,593,216 bytes
2 Dir(s) 55,728,041,984 bytes free


Thanks,

RK
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP