14 Posts

October 19th, 2005 17:00

I think it's spyware

I was wondering if anyone can help me out. My Internet Explorer has websites in the Favorites folder which I never accessed, and the addresses keep changing. I believe this is called a browser hijack. I did the spyware removal, and the Ad-Aware removal. But they seem to be coming back every time I run the removal programs. What can I do to get rid of this hijack?

5 Journeyman • 15.6K Posts • 45K Points

October 19th, 2005 18:00

Download the latest version of HJT (HijackThis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

You must create a separate folder and place it there... people commonly use C:\HJT. Note: Please do *NOT* use a TEMP (temporary) folder, *NOR* your DESKTOP, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use your DESKTOP.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer). If for any reason you're unable to UNzip it, you can download the already-unzipped .EXE file from http://downloads.malwareremoval.com/HijackThis.exe

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then PASTE the results back here, appending it to this same thread.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Supplemental note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping people.   Nevertheless, it seems that many individuals try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BAD:  using a TEMP directory or your DESKTOP for HJT...
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
If you post your log back in any other forum, it will "sit idly", either until the forum moderator gets around to moving it for you... or until you decide to repost your log... in the HiJackThis forum.

14 Posts

October 19th, 2005 20:00

Here is what I got, what do I do now?

 

Logfile of HijackThis v1.99.1
Scan saved at 5:41:20 PM, on 10/19/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\WINDOWS\system32\apiab32.exe
C:\WINDOWS\netvl.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\America Online 9.0a\aoltray.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLServiceHost.exe
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
c:\program files\common files\aol\1128515631\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLServiceHost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {625A227C-8F17-DBE9-FC96-11C4EB6EC178} - C:\WINDOWS\sdkuv32.dll
O2 - BHO: Class - {D8F5208D-1C62-D1EA-50E4-3BAB8F309D7A} - C:\WINDOWS\atlpd.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [addsv32.exe] C:\WINDOWS\system32\addsv32.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128515631\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\Run: [msgt32.exe] C:\WINDOWS\system32\msgt32.exe
O4 - HKLM\..\Run: [appjn.exe] C:\WINDOWS\appjn.exe
O4 - HKLM\..\Run: [netvl.exe] C:\WINDOWS\netvl.exe
O4 - HKLM\..\RunOnce: [Pest Cleaning] "C:\Documents and Settings\All Users\Application Data\AOL\UserProfiles\All Users\antiSpyware\dat\ppclean.exe" "clean" "silent" "smartfinder" "2"
O4 - HKCU\..\Run: [Turkey.exe] C:\DOWNLO~1\TURKEY~1.EXE /r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apiab32.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

 

5 Journeyman • 15.6K Posts • 45K Points

October 19th, 2005 21:00

You have an ABOUT:BLANK (CoolWebSearch) infection. I'm gonna try to call in someone to assist you. Please be patient.

2 Intern • 1.1K Posts

October 19th, 2005 22:00

Hi LH...

My name is dobhar and I will be looking over your log. As ky331 posted earlier you do have an About:Blank nasty. Please give me some time to go look it over and I will post back as soon as possible. Please be patient as I am working on a few logs at the moment so I may not post back until late tonight or tomorrow morning. Please try not to surf the internet or reboot your computer until asked by myself. If you HAVE rebooted your computer since posting your HijackThis log could you please post another new log...I need to see if anything changed.

If you have any questions please post back as a reply to this Thread\Topic and I will be advised by email so I can return and help you. Do not start another Thread\Topic.

Thank You,

2 Intern • 1.1K Posts

October 20th, 2005 17:00

Hi LH...

Let's get to it... :)

________________________________________________________

Please print out or copy these instructions\tutorials to Notepad as the internet will be unavailable to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
________________________________________________________

Step 1.
==========

- Create a folder called Antispyware on your C: Drive
- Download the following tools but do not run until asked
1. Download HSFix.zip from http://users.telenet.be/marcvn/regfiles/HSfix.zip. Extract\Unzip it into its own folder under C:\Antispyware. Call the new folder HSFix
2. Download About:Buster5 from http://downloads.malwareremoval.com/AboutBuster5.zip. Extract\Unzip it into its own folder under C:\Antispyware. Call the new folder AboutBuster. Check for updates
3. Download Trend Micro's CWShredder from http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe. Extract\Unzip it into its own folder under C:\Antispyware. Call the new folder C:\CWS

Step 2.
==========

Please download and install CCleaner from http://www.ccleaner.com/download123.asp
(Note: DO NOT run this program yet)

Step 3.
==========

Please download Ewido Security Suite from http://www.ewido.net/en/download/. It is a free version of the program.
- Install Ewido
- When installing the program, under "Additional Options" uncheck...
* Install background guard
* Install scan via context menu
- Launch ewido, there should now be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- When you run ewido for the first time, you MAY get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- You will need to update ewido to the latest definition files:
* On the left hand side of the main screen click "Update".
* Then click on "Start Update".
- The update will start and a progress bar will show the updates being installed. (Note: the status bar at the bottom will display "Update successful")
- Close Ewido Security Suite

(Note: If you are having problems with the updater, you can use this link to manually update ewido.
http://www.ewido.net/en/download/updates/)


Step 4.
==========

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup instructions => http://rstones12.geekstogo.com/adawareSE_setup.htm
(Note: Please do NOT run it yet!)

Step 5.
==========

We need to stop a Service
- Click "Start" button then select "Run"
- Type services.msc then hit OK
- Scroll down and find the service called:

Network Security Service

- Right-click on Service and choose "Properties"
- On the "General" tab under "Service Status" click the "Stop" button to stop the service
- Beside "Startup Type" in the dropdown menu select "Disabled"
- Click Apply then OK. Exit the Services utility
(Note: If the service isn't listed go ahead with the rest of these instructions anyway)

Step 5.
==========

Let's delete that service
- Start HijackThis...
- Click "Config" button
- Click "Misc Tools" button
- Click "Delete an NT Service" button
- Copy and Paste the bold text below in the "Delete an NT Service" window

( 11Fä#·ºÄÖ`I) <<<= Please note that I had to remove a letter B from the text as it was giving me problems pasting in the fix. So there is a letter B missing

- Click "OK"
- Close HijackThis

Step 6.
==========

- Disconnect from the internet for the duration of this fix = Very Important
- Reboot computer into "Safe Mode" Using the F8 method:
- As soon as the BIOS is loaded begin tapping the F8 key until the Boot Menu appears
- Use the arrow keys to select the Safe Mode menu item
(Note: For additional help in booting into Safe Mode, see the following site - http://www.pchell.com/support/safemode.shtml)

Step 7.
==========

We need to make sure all Hidden Files are showing so please:
* Open "My Computer" then click on "Tools" and from the drop down menu select "Folder Options".
* Select the "View" tab.
* Under the "Hidden files and folders" heading SELECT "Show hidden files and folders".
* UNCHECK the "Hide file extensions for known types" option.
* UNCHECK the "Hide protected operating system files (recommended)" option.
* Click "Yes" to confirm.
* Click "OK"

Step 8.
==========

- Navigate to C:\Antispyware\HSFix folder
- Double-click on the HSfix.reg
- Grant it permission to MERGE into the registry items

Step 9.
==========

- Navigate to C:\Antispyware\CWS folder
- Double-click on CWShredder.exe to start it
- Click the "Fix ->" button
- You will be prompted that CWShredder will shutdown any Internet Explorer and Windows Media Player windows. Click "OK" to continue
- Let it run completely to delete anything it finds
- After its scan, click "Next", then "Exit"

Step 10.
==========

Delete the following file(s) in BOLD only. (Note: Don't be concerned if you can't find them, but advise if not found)
File(s)...
C:\WINDOWS\rqbex.dll = Delete This File
C:\WINDOWS\sdkuv32.dll = Delete This File
C:\WINDOWS\atlpd.dll = Delete This File
C:\WINDOWS\mfcvn32.exe = Delete This File
C:\WINDOWS\appjn.exe = Delete This File
C:\WINDOWS\netvl.exe = Delete This File
C:\WINDOWS\System32\addsv32.exe = Delete This File
C:\WINDOWS\System32\msgt32.exe = Delete This File

Step 10.
==========

- Close all Windows and programs
- Run HijackThis...
- Select\check the following entries, Double-check to make sure that only these entries are checked...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\rqbex.dll/sp.html#27859
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {625A227C-8F17-DBE9-FC96-11C4EB6EC178} - C:\WINDOWS\sdkuv32.dll
O2 - BHO: Class - {D8F5208D-1C62-D1EA-50E4-3BAB8F309D7A} - C:\WINDOWS\atlpd.dll
O4 - HKLM\..\Run: [addsv32.exe] C:\WINDOWS\system32\addsv32.exe
O4 - HKLM\..\Run: [mfcvn32.exe] C:\WINDOWS\mfcvn32.exe
O4 - HKLM\..\Run: [msgt32.exe] C:\WINDOWS\system32\msgt32.exe
O4 - HKLM\..\Run: [appjn.exe] C:\WINDOWS\appjn.exe
O4 - HKLM\..\Run: [netvl.exe] C:\WINDOWS\netvl.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O23 - Service: Network Security Service ( 11Fä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apiab32.exe
<<<= Please note that I had to remove a letter B from the text as it was giving me problems pasting in the fix. So there is a letter B missing

- Click the "Fix checked" button...
- Close HijackThis

Step 11.
==========

We now need to clean up all the Temp, Temporary Internet Files, Recycle Bin, etc...
- Start the CCleaner program
- Get into "Options" => Select "Advanced" => Deselect\uncheck "Only delete files in Windows Temp folders older than 48 hours"
- We are only going to work with the "Cleaner" section. (Note: Do not use the "Issues" section)
- Click on the Run Cleaner button in the lower right-hand corner
- After it completes, close the program
- Make sure the Recycle Bin is empty

Step 12.
==========

- Browse to C:\Antispyware\AboutBuster folder
- Double-click on AboutBuster.exe to start it
- Click Begin Removal to allow AboutBuster to scan
- When it has finished, AboutBuster will open a "Scan Completed" window. Click OK
- Another information window will open. Click on Exit
- AboutBuster will inform you that a log has been created. Click OK. I will need you to post that log later.

Step 13.
==========

- Start Ad-aware SE 1.06 and do a full scan
- Remove all it finds

Step 14.
==========

- Start Ewido Security Suite
- Click on "Scanner". (Note: Do not start any programs or open any windows while Ewido is scanning)
- Click on "Complete System Scan", the scan will now begin.
- While the scan is in progress you will be prompted to clean files, click "OK".
- When it asks if you want to clean the first file, put a checkmark in the lower left corner of the box that says "Perform action on all infections", then choose "Clean" and click "OK".
- Once the scan has completed, there will be a button located at the bottom of the screen named "Save Report".
- Click "Save Report".
- Now save the report .txt file to your desktop.
- Close Ewido Security Suite

Step 15.
==========

- Reboot your computer back into "Normal Mode" and re-connect internet connection
- Post back a fresh new HijackThis log
- Post back the Ewido scan log
- Post back results of CWShredder scan
- Post back the About:Buster log

Message Edited by dobhar on 10-21-2005 01:29 AM
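
A first-pass triage of HijackThis log lines like the ones selected in the post above, as an added example that is not part of the original thread and is neither HijackThis's nor the helper's own method. The heuristics are assumptions chosen for illustration, and the sample lines are excerpted from the log posted in this thread; hits are candidates for review only, which is why the genuine ctfmon.exe entry shows up among them.

```python
import ntpath
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\rqbex.dll/sp.html#27859
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {625A227C-8F17-DBE9-FC96-11C4EB6EC178} - C:\WINDOWS\sdkuv32.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [netvl.exe] C:\WINDOWS\netvl.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\update.exe
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\apiab32.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

@dataclass
class Finding:
    code: str    # HijackThis section code, e.g. "O4"
    target: str  # file or URL the entry points at
    reason: str  # which (assumed) heuristic fired

WINDOWS_DIRS = (r"c:\windows", r"c:\windows\system32")

def in_windows_dir(path):
    # True when the file sits directly in the Windows or System32 directory.
    return ntpath.dirname(path.strip('"')).lower() in WINDOWS_DIRS

def check_r(rest):
    # IE start/search page pointing at a resource embedded in a local DLL.
    m = re.search(r"= res://(.+?\.dll)/", rest, re.I)
    if m:
        return m.group(1), "IE search/start page served from a local DLL resource"

def check_bho(rest):
    # Browser Helper Object with no descriptive name, DLL directly in Windows dir.
    m = re.match(r"BHO: (.*?) - \{[^}]+\} - (.+)", rest)
    if m and m.group(1).strip() in ("", "Class", "(no name)") and in_windows_dir(m.group(2)):
        return m.group(2), "unnamed BHO whose DLL sits directly in the Windows directory"

def check_run(rest):
    # Run-key value named after its own executable, located in the Windows dir.
    # This also flags the genuine ctfmon.exe entry, which the helper in this
    # thread left alone: a hit means "look closer", not "delete".
    m = re.match(r'HK\w+\\\.\.\\Run\w*: \[(.+?)\] "?(.+?\.exe)', rest, re.I)
    if m and m.group(1).lower() == ntpath.basename(m.group(2)).lower() \
            and in_windows_dir(m.group(2)):
        return m.group(2), "autostart value named after its own file in the Windows directory"

def check_dpf(rest):
    # ActiveX "Downloaded Program Files" entry installed from a local file.
    m = re.match(r"DPF: \{[^}]+\}(?: \(.*?\))? - (.+)", rest)
    if m and m.group(1).lower().startswith("file://"):
        return m.group(1), "ActiveX control installed from a local file:// source"

def check_service(rest):
    # Service whose short name is not plain letters, digits, space, _ . or -
    m = re.match(r"Service: .+ \(([^()]*)\) - (.+?) - (.+)", rest)
    if m and not re.fullmatch(r"[A-Za-z0-9 _.-]+", m.group(1)):
        return m.group(3), "service short name contains unusual characters"

CHECKS = {"R": check_r, "O2": check_bho, "O4": check_run,
          "O16": check_dpf, "O23": check_service}

def triage(log):
    """Return a Finding for every log line that trips one of the heuristics."""
    findings = []
    for line in log.splitlines():
        m = re.match(r"(R[0-3]|O\d+) - (.*)", line.strip())
        if not m:
            continue
        code, rest = m.groups()
        check = CHECKS.get("R" if code.startswith("R") else code)
        hit = check(rest) if check else None
        if hit:
            findings.append(Finding(code, *hit))
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.target}\n     -> {f.reason}")
```
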

14 Posts

October 21st, 2005 12:00

One more thing, when you told me to disable the network security service, it didn't list it on my computer. It does list network DDE, which is also some type of security service. Do I disable this one?

I really appreciate your help.  Thanks so much!!

14 Posts

October 21st, 2005 12:00

I'm having a problem with step 5, it tells me the "service was not found in the registry...make sure you entered the short name of the service". What am I doing wrong?

2 Intern • 1.1K Posts

October 21st, 2005 14:00

Hi LH...

Please skip Step 5 and continue on...We will see if it shows up in the next HijackThis log.

Thanks,

14 Posts

October 21st, 2005 19:00

Ok, I did everything (hopefully I did it right), and here are the results....let me know if it's good.  Also, how can i prevent this from happening again?  Thanks again...sooooo much!!

 

AboutBuster 5.1, reference file 32
Scan started on [10/21/2005] at [2:11:58 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\WINDOWS\lxpte.dat
Removed File! : C:\WINDOWS\xgkoh.dat
Removed File! : C:\WINDOWS\System32\aylxo.dat
Removed File! : C:\WINDOWS\System32\galfz.dat
Removed File! : C:\WINDOWS\System32\idmoc.dat
Removed File! : C:\WINDOWS\System32\urjfp.dll
Removed File! : C:\WINDOWS\System32\xakqy.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 2:13:09 PM

14 Posts

October 21st, 2005 19:00

I've been trying to send the ewido report, but it doesn't seem to be sending it. 
I'll send it in parts.
 ewido security suite - Scan report
---------------------------------------------------------
 + Created on:   3:25:38 PM, 10/21/2005
 + Report-Checksum:  7CAA03DF
 + Scan result:

14 Posts

October 21st, 2005 19:00

-> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000109.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000109.PIF:uepqry -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000109.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000211.exe -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:iaogei -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:uepqry -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000212.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:oxbfpl -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:uepqry -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000222.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:lvnom -> 
TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:oxbfpl -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:uepqry -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000231.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:oxbfpl -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:uepqry -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000243.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000312.PIF:oudkxq -> Spyware.SearchPage : Cleaned with backup

14 Posts

October 21st, 2005 19:00


14 Posts

October 21st, 2005 19:00

Hopefully, I did it right. Please review and let me know... thanks sooo much!!

14 Posts

October 21st, 2005 19:00

Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:iaogei -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:oudkxq -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000611.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume 
Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:iaogei -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:kbzfr -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:oudkxq -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000621.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:cdwlpn -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:dgpowm -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:dxhge -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:iaogei -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:kbzfr -> 
TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:lvnom -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:oudkxq -> Spyware.SearchPage : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:qiflt -> TrojanDownloader.Agent.td : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:sntopa -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:umnyhk -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:wwjsmj -> Trojan.Agent.bi : Cleaned with backup  C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP1\A0000673.PIF:xfynho -> Trojan.Agent.bi : Cleaned with backup

14 Posts

October 21st, 2005 19:00

Logfile of HijackThis v1.99.1
Scan saved at 3:53:08 PM, on 10/21/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\America Online 9.0a\aoltray.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\AOL Companion\companion.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLHostManager.exe
C:\Program Files\Digital Line Detect\DLG.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Verizon Online\SupportCenter\bin\mpbtn.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLServiceHost.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
c:\program files\common files\aol\1128515631\ee\services\antiSpywareApp\ver2_0_7\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\1128515631\ee\AOLServiceHost.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Common Files\Aol\aoltpspd.exe
C:\WINDOWS\system32\cidaemon.exe
C:\hijack files\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\VERIZO~1\SUPPOR~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1128515631\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKCU\..\Run: [Turkey.exe] C:\DOWNLO~1\TURKEY~1.EXE /r
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Verizon Online Support Center.lnk = C:\Program Files\Verizon Online\SupportCenter\bin\matcli.exe
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {DB0474CC-8EF6-47FC-905B-23FC58A70817} (RegPropsCtrl Class) - http://download.verizon.net/sfp/Cabs/hst/webinstall/HstWebInstall.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0AABFD38-03D4-40A2-BD1B-2E7DF51314AC}: NameServer = 205.188.146.145
O17 - HKLM\System\CS1\Services\Tcpip\..\{0AABFD38-03D4-40A2-BD1B-2E7DF51314AC}: NameServer = 205.188.146.145
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
