
Discussion Starter #1
I am having lots of problems with Windows Explorer, blocked web sites, slow performance... Any help would be most appreciated. Thank you in advance. Marty Party

Log hjt starts here.
Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Logfile of HijackThis v1.99.1
Scan saved at 3:17:28 AM, on 9/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/links/ymsgr7/*http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.bestwebslinks.com/
R3 - Default URLSearchHook is missing
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\windows\System32\wintems.exe
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125804338687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125804680531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} (Toontown Installer ActiveX Control) - http://download.toontown.com/sv1.0.15.28/ttinst.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE


End of KRC HijackThis Analyzer Log.
====================================================================
 

Discussion Starter #2 (Edited by Moderator)
follow up w/ new hjt analyzer

I cannot open any attachments or view any video? Seem to be problems in explorer and media player?
Thanks for any help. MP


Log was analyzed using KRC HijackThis Analyzer - Updated on 8/4/05
Get updates at http://www.greyknight17.com/download.htm#programs

***Security Programs Detected***

Logfile of HijackThis v1.99.1
Scan saved at 1:36:21 PM, on 9/9/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\Documents and Settings\Administrator\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/links/ymsgr7/*http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\windows\System32\wintems.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125804338687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125804680531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE


End of KRC HijackThis Analyzer Log.
========================================================
 

TSF Security Team, Emeritus
Hello and Welcome to TSF!

Please subscribe to this thread to get immediate notification of fixes as soon as they are posted.

You do not appear to have an anti-virus application installed on this machine. Let's start off by getting you a free yet effective antivirus program. Please choose one from any of these 3 programs, which are free for home use:
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Before proceeding any further, please create a new directory - C:\PROGRAM FILES\HIJACKTHIS\
Re-locate your HijackThis files to the new directory


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Please download these additional files/programs. Do not run them until instructed to do so.
Unless otherwise stated, they should be stored in same directory as the HiJackThis program.

CleanUp.exe - Install.

'UNPLUG'/DISCONNECT YOUR COMPUTER FROM THE INTERNET WHEN YOU HAVE FINISHED DOWNLOADING


This webpage will not be available while you're carrying out the fix. Please save the following instructions in Notepad. I have customised my instructions on the assumption that you are using Notepad. It may lead to some confusion should you choose to do otherwise.

If there's anything that you don't understand, kindly ask your questions before proceeding with the fixes. There should not be any open browsers when you are carrying out the procedures below.


IT IS IMPORTANT THAT YOU DON'T MISS A STEP & PERFORM EVERYTHING IN THE RIGHT ORDER.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


CLOSE ALL OTHER PROGRAMS & ALL OPENED WINDOWS


Run a scan with HiJackThis & select/tick the following & click "Fix checked" :

R3 - Default URLSearchHook is missing
O4 - HKCU\..\Run: [ssgrate.exe] C:\windows\System32\wintems.exe



= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Start HiJackThis & go to Config>Misc.Tools> Delete a file on reboot...
  1. In the popup box that appears, type in C:\windows\System32\wintems.exe
  2. Click the Open button.
  3. Click YES when prompted to restart your computer.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Run Cleanup! using the following configuration:

1. Click Options...
2. Set the slider to Standard CleanUp!
3. Uncheck the following:
  • Delete Newsgroup cache
  • Delete Newsgroup Subscriptions
  • Scan local drives for temporary files
4. Click OK
5. Press the CleanUp! button to start the program. Reboot/logoff when prompted.
* CleanUp! will not create any backups!!


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Perform an online scan with Internet Explorer at one of the following sites:
Take note of the names and locations of any file it detects but fails to clean.
* Turn off the real time scanner of any existing antivirus program while performing the online scan


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


Download Trend Micro™ Anti-Spyware (by clicking the "Scan and Clean your PC" button).
  • Double-click the tmas-web-scan.exe icon
  • It will say "Loading TrendMicro definitions".
  • Click "Start Scan"
After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. I then need you to repeat the same procedure above again... using the TrendMicro tool. I need the log from the second scan/clean...NOT the first...as this will contain what’s left in the system.

In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them here.


= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = =


In your next post, please include fresh logs from:
  1. HiJackThis
  2. Online scan
  3. Antispyware.log
Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.
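The two items the helper picks out of the log above (the missing URLSearchHook and the HKCU Run value that launches wintems.exe under an unrelated name) are the kind of thing a small script can surface from a HijackThis log automatically. The following is an added example, not code from this thread, from HijackThis or from TSF: it parses lines in the v1.99.1 format posted here and applies the checks a helper applies by eye (start/search URLs pointing at a host the user does not recognise, the missing hook, toolbar or BHO entries with no file on disk, a Run value whose name does not match the executable it launches, services with no recorded vendor). The sample lines are constructed and modelled on the first log in this thread; the allowed-host list and the heuristics are assumptions for the demo, not HijackThis rules.

```python
"""Triage of HijackThis (v1.99.1 format) log entries: parse each line into
its section code and body, then apply simple heuristics to surface the
entries a helper would ask to have fixed. Added example; not HijackThis code."""
import re
from dataclasses import dataclass
from typing import List, Optional, Set
from urllib.parse import urlparse

# Constructed sample, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.bestwebslinks.com/search.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/links/ymsgr7/*http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [ssgrate.exe] C:\windows\System32\wintems.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE
"""

# Hosts this user expects in the R0/R1 start-page and search entries
# (assumed allowlist for the demo; adjust per machine).
DEFAULT_ALLOWED_HOSTS: Set[str] = {"www.yahoo.com", "us.rd.yahoo.com"}

LINE_RE = re.compile(r"^(?P<code>[RFO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")


@dataclass
class Entry:
    code: str   # section code such as "R1" or "O4"
    body: str   # text after "<code> - "


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_log(text: str) -> List[Entry]:
    """Keep only lines in '<code> - <body>' form; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(Entry(m["code"], m["body"]))
    return entries


def host_of(value: str) -> Optional[str]:
    parsed = urlparse(value.strip())
    return parsed.hostname.lower() if parsed.hostname else None


def exe_name(cmd: str) -> str:
    """Basename of the executable in a Run command, ignoring quotes and arguments."""
    path = cmd.strip().strip('"')
    cut = path.lower().find(".exe")
    if cut != -1:
        path = path[: cut + 4]
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(text: str, allowed_hosts: Set[str] = DEFAULT_ALLOWED_HOSTS) -> List[Finding]:
    findings: List[Finding] = []
    for e in parse_log(text):
        line = f"{e.code} - {e.body}"
        if e.code in ("R0", "R1"):
            # body: "<hive>\...\Main,Start Page = <url>"
            _, _, value = e.body.partition(" = ")
            host = host_of(value)
            if host and host not in allowed_hosts:
                findings.append(Finding(e.code, f"start/search setting points at unexpected host {host}", line))
        elif e.code == "R3" and "missing" in e.body:
            findings.append(Finding(e.code, "default URLSearchHook removed; fixing restores it", line))
        elif e.code in ("O2", "O3", "O9") and "(no file)" in e.body:
            findings.append(Finding(e.code, "orphaned entry: registered component has no file on disk", line))
        elif e.code == "O4":
            m = RUN_RE.search(e.body)
            if m:
                name, exe = m["name"], exe_name(m["cmd"])
                if name.lower().endswith(".exe") and name.lower() != exe:
                    findings.append(Finding(e.code, f"Run value named {name} launches a different file, {exe}", line))
                elif e.body.startswith("HKCU") and "\\system32\\" in m["cmd"].lower():
                    findings.append(Finding(e.code, "per-user Run entry launching from System32; verify the file", line))
        elif e.code == "O23" and "Unknown owner" in e.body:
            findings.append(Finding(e.code, "service with no recorded vendor; confirm it is expected", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}\n    {f.line}")
```

On the sample this reports the bestwebslinks search hijack, the missing R3 hook, the orphaned O3 toolbar, the ssgrate.exe/wintems.exe mismatch and the TapeWare service, and stays silent on the Java updater. Against a real log, read the file HijackThis saved and pass its text to `triage`; the findings are prompts for review, not a verdict, and the O23 note in particular will fire on harmless software that simply has no vendor string.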
 

Discussion Starter #4
I could not get either Panda or Kaspersky to operate in IE. The pop-up windows to scan were blocked. This is the same thing w/ my attachments in Yahoo. MP


Here is my HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 12:43:35 PM, on 9/14/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\windows\System32\svchost.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\windows\System32\wuauclt.exe
C:\windows\Explorer.EXE
C:\windows\System32\wuauclt.exe
C:\Program Files\hijackthis\HijackThis-1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/links/ymsgr7/*http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125804338687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125804680531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE



-----------------------------------------------------

Here is my Trend Micro Anti-Spyware log:

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 06:30:55 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

IE Plugins: Found '{53707962-6F74-2D53-2644-206D7942484F}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
IE Plugins: Found '{014DA6C9-189F-421a-88CD-07CFE51CFF10}' in 'SOFTWARE\Microsoft\Internet Explorer\Toolbar'
Web Browser Security Settings: Found 'Default_Page_URL' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'Search Bar' in 'SOFTWARE\Microsoft\Internet Explorer\Main'
Web Browser Security Settings: Found 'DisableCachingOfSSLPages' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'WarnOnZoneCrossing' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings'
Web Browser Security Settings: Found 'Persistent' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache'
Web Browser Security Settings: Found 'CheckExeSignatures' in 'Software\Microsoft\Internet Explorer\Download'
Web Browser Security Settings: Found 'msn' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ '
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolporngalleries.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\coolporngalleries.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\loadcash.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\s13.tempx.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sex-pics.biz'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trackhits.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\tracktraff.cc'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vparivalka.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\vv7.al.57e.net'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\win-eto.com'
Web Browser Security Settings: Found 'http' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'https' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xawm.biz'
Web Browser Security Settings: Found 'Send To Bluetooth' in 'Software\Microsoft\Internet Explorer\MenuExt\Send To &Bluetooth'
IE Downloaded Program Files: Found 'SupportSoft Script Runner Class' in 'C:\WINDOWS\Downloaded Program Files\tgctlsr.dll,C:\WINDOWS\Downloaded Program Files\tgctlsr.inf'
IE Downloaded Program Files: Found 'LSSupCtl Class' in 'C:\WINDOWS\Downloaded Program Files\LSSupCtl.inf'
IE Downloaded Program Files: Found 'YInstStarter Class' in 'C:\Program Files\Yahoo!\Common\yinsthelper.dll,C:\Program Files\Yahoo!\Common\yinst.inf'
IE Downloaded Program Files: Found 'HouseCall Control' in 'C:\WINDOWS\aucfg.ini,C:\WINDOWS\tmupdate.ini,C:\WINDOWS\patchw32.dll,C:\WINDOWS\Downloaded Program Files\xscan.inf'
IE Downloaded Program Files: Found 'ActiveDataInfo Class' in 'C:\WINDOWS\Downloaded Program Files\SymAData.dll'
Windows Policy Settings: Found 'restrictanonymous' in 'SYSTEM\CurrentControlSet\Control\Lsa'
Windows Policy Settings: Found 'forceunlocklogon' in 'SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
Services: Found 'AVG7 Alert Manager Server' in ''
Services: Found 'AVG7 Update Service' in ''
Services: Found 'Bluetooth Service' in ''
Services: Found 'TapeWare' in ''
Windows Shell Settings: Found 'AVG7 Shell Extension' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\AVG7 Shell Extension'
Windows Shell Settings: Found 'NetWareUNCMenu' in 'SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\NetWareUNCMenu'
Windows Shell Settings: Found '{6af09ec9-b429-11d4-a1fb-0090960218cb}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{8e9d6600-f84a-11ce-8daa-00aa004a5691}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{e3f2bac0-099f-11cf-8daa-00aa004a5691}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{52c68510-09a0-11cf-8daa-00aa004a5691}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{A4DF5659-0801-4A60-9607-1C48695EFDA9}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{5464D816-CF16-4784-B9F3-75C0DB52B499}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{9F97547E-4609-42C5-AE0C-81C61FFAEBC3}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found '{9F97547E-460A-42C5-AE0C-81C61FFAEBC3}' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved'
Windows Shell Settings: Found 'Personal' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders'
Program Startup Areas: Found 'IgfxTray' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'CamMonitor' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_CC' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_EMC' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_Run' in '.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_Run' in 'S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_Run' in 'S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'AVG7_Run' in 'S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
Program Startup Areas: Found 'C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe' in 'C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk'
Started Scanning
Internet Cookies
Internet Cookies: Found 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'mediaplex.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in '.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-21-507921405-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-21-507921405-2077806209-839522115-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Found '' in 'SOFTWARE\MySearch\bar'
Windows Registry: Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CurVer'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1\CLSID'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1'
Windows Registry: Found '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\Version'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\MiscStatus\1'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\MiscStatus'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\Instance\InitPropertyBag'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\Instance'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\InprocServer32'
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}'
Windows Registry: Found 'CacheDir' in 'SOFTWARE\MySearch\bar'
Windows Registry: Found 'HistoryDir' in 'SOFTWARE\MySearch\bar'
Windows Registry: Found 'Id' in 'SOFTWARE\MySearch\bar'
Internet URL Shortcuts
Files and Directories
Files and Directories: Found '7E422CA4-A464-46BF-8B3F-7118CE' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\37D42C1F-9F7C-48A1-BB67-E0480C'
Files and Directories: Found '' in 'C:\Program Files\MySearch'
Files and Directories: Found '' in 'C:\Program Files\MySearch\bar'
Files and Directories: Found '' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Found '17B4AD0E.bin' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Found '' in 'C:\Program Files\MySearch\bar\History'
Files and Directories: Found '' in 'C:\Program Files\MySearch\bar\Settings'
Files and Directories: Found '' in 'C:\Program Files\MyWay'
Files and Directories: Found 'Date.ico' in 'C:\WINDOWS\system32'
Files and Directories: Found 'network.ico' in 'C:\WINDOWS\system32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Internet Cookies: Cleaned 'atdmt.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'doubleclick.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'mediaplex.com' in 'Internet Explorer Cache'
Windows Registry: Cleaned '' in '.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-19_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-20_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-21-507921405-2077806209-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-21-507921405-2077806209-839522115-500_Classes\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Windows Registry: Cleaned '' in 'SOFTWARE\MySearch\bar'
Windows Registry: Cleaned '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CurVer'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin.1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.SettingsPlugin'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CurVer'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup.1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeStartup'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CurVer'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1\CLSID'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown.1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\MySearchToolBar.NetscapeShutdown'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CC-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6CA-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\Version'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\MiscStatus\1'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\MiscStatus'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}\InprocServer32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6C3-189F-421a-88CD-07CFE51CFF10}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C6-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\TypeLib'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}\ProxyStubClsid'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{014DA6C4-189F-421A-88CD-07CFE51CFF10}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\Instance\InitPropertyBag'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\Instance'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}\InprocServer32'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{014DA6CE-189F-421a-88CD-07CFE51CFF10}'
Files and Directories: Cleaned '7E422CA4-A464-46BF-8B3F-7118CE' in 'C:\Program Files\Microsoft AntiSpyware\Quarantine\37D42C1F-9F7C-48A1-BB67-E0480C'
Files and Directories: Cleaned 'MYSEARCHPLUGINPROXY.CLASS' in 'C:\Program Files\MySearch\bar\1.bin'
Files and Directories: Cleaned 'S4WBTEMP.DLL' in 'C:\Program Files\MySearch\bar\1.bin'
Files and Directories: Cleaned '17B4AD0E.bin' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Cleaned '17B4AEB3.bin' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Cleaned '1A1E161F' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Cleaned 'files.ini' in 'C:\Program Files\MySearch\bar\Cache'
Files and Directories: Cleaned 'search' in 'C:\Program Files\MySearch\bar\History'
Files and Directories: Cleaned 'prevcfg.htm' in 'C:\Program Files\MySearch\bar\Settings'
Files and Directories: Cleaned '' in 'C:\Program Files\MySearch'
Files and Directories: Cleaned '' in 'C:\Program Files\MyWay'
Files and Directories: Cleaned 'Date.ico' in 'C:\WINDOWS\system32'
Files and Directories: Cleaned 'network.ico' in 'C:\WINDOWS\system32'
Finished Cleaning
Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Media Player history
Delete History Items on Startup: Cleaned 'Media Player history' in ''
Windows common dialog recently used file list
Delete History Items on Startup: Cleaned 'Windows common dialog recently used file list' in ''
Windows Search History
Delete History Items on Startup: Cleaned 'Windows Search History' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Windows Run History
Delete History Items on Startup: Cleaned 'Windows Run History' in ''
Recycle Bin
Delete History Items on Startup: Cleaned 'Recycle Bin' in ''
Start Menu Order/Click History
Delete History Items on Startup: Cleaned 'Start Menu Order/Click History' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning
--------------------------------- Anti-Spyware session ended ---------------------------------

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:02:15 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:03:32 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Started Scanning
Internet Cookies
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:13:57 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Started Scanning
CoolWebSearch Variants (CWShredder)
Finished Scanning
--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:16:00 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:24:02 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

--------------------------------- Anti-Spyware session started ---------------------------------
Machine=HEIN-39XEB87FH0
Time=Sat Sep 10 07:38:00 2005
Product Version=3, 0, 1, 23
OS Version=Microsoft Windows XP Professional Service Pack 1 (Build 2600)

Started Scanning
Internet Cookies
Internet Cookies: Found 'bluestreak.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
 

TSF Security Team, Emeritus
26,363 Posts
You can disable Internet Explorer's pop-up blocker by going to Tools > Turn Off Pop-up Blocker

Here are more detailed instructions on how to use Panda's ActiveScan
Perform an online scan with Internet Explorer with Panda ActiveScan
  1. Click Scan your PC & a 'pop-up' window shall appear. *Ensure that your pop-up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now ...this begins downloading Panda's 8 MB ActiveX controls
Begin the scan by selecting My Computer
  • If it finds any malware, it will offer you a report.
  • Click on see report. Then click Save report
Post the contents of the report in your next reply

*You needn't remain online while it's doing the scan but you have to re-connect after it has finished to see the report.
*Turn off the real time scanner of any existing antivirus program while performing the online scan
If that doesn't work out, you'll need to download Ewido Security Suite
  • Install Ewido Security Suite
  • When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the left hand side of the main screen click update.
  • Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.


Next, please reboot your computer in Safe Mode by doing the following:

1. Restart your computer
2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3. Instead of Windows loading as normal, a menu should appear
4. Select the first option, to run Windows in Safe Mode.


Run Ewido with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click Complete System Scan to begin scanning.
  • Click OK when prompted to clean files
With the first file it prompts to clean, select the option:
  • "Perform action on all infections"
  • Choose clean and click OK.
Once finished, click the Save report button & save the report to your desktop

** The Ewido scan will require at least an hour. I suggest that you go grab a cup of coffee & do something else while you wait for it to complete.


Post a new HJT log along with Ewido's report.
 

Registered
4 Posts
Discussion Starter #6
Again Panda will not work.
Here are the new HJT and Ewido reports.
Thanks again, MP.
-----------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 3:45:14 PM, on 9/15/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\windows\System32\svchost.exe
C:\Program Files\TapeWare\TWWINSDR.EXE
C:\windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
C:\windows\System32\hpoipm07.exe
C:\windows\System32\wuauclt.exe
C:\windows\System32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DESKTOP\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.rd.yahoo.com/customize/links/ymsgr7/*http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O3 - Toolbar: (no name) - {014DA6C9-189F-421a-88CD-07CFE51CFF10} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\windows\System32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HPAiODevice(hp officejet 7100 series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet 7100 series\Bin\hpogrp07.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1125804338687
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125804680531
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\System32\btxppanel.dll
O20 - Winlogon Notify: igfxcui - C:\windows\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: TapeWare - Unknown owner - C:\Program Files\TapeWare\TWWINSDR.EXE

--------------------------------------------------------------
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:38:22 PM, 9/15/2005
+ Report-Checksum: F0D619AB

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned without backup
:mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned without backup
:mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
:mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
:mozilla.41:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned without backup
:mozilla.42:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned without backup
:mozilla.48:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned without backup
:mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.59:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.63:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned without backup
:mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.66:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.67:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned without backup
:mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned without backup
:mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
:mozilla.87:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\dtvau7jw.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\Administrator\Cookies\[email protected][1].txt -> Spyware.Cookie.Overture : Cleaned without backup


::Report End
------------------------------------------------------------

===============================================
 

TSF Security Team, Emeritus
26,363 Posts
There does not seem to be malware on your machine. Please provide more details on the problems you're experiencing with it.
 

Registered
17 Posts
Hi there, I've been helping my bro out with his problem. When he tries to launch Kaspersky or Panda online scan, the virus/spyware knows about these sites and disables the sites so that they do not function. I don't know how else to explain this. And these sites do not run on Firefox either, so he can't follow your instructions until we solve this situation. And his pop-up blocker is turned off.
 

TSF Security Team, Emeritus
26,363 Posts
I don't think it's malware that's preventing him from doing online scans.

Let's try this...
Do an online scan with Firefox from Trend Micro Europe. (It doesn't require ActiveX.)
 