Unwanted Sites/Pop-Up/ themselves opening Probably Virus Attacked

Status
Not open for further replies.
Can't delete C:\WINDOWS\RUNDLL32.EXE: file being used by Windows.

All others were fixed prior to your reply, and with a slight modification I was having
O4 - HKCU\..\RunServices: [Windows installer] C:\winstall.exe
But I didn't check it, and later, after a fresh scan, it disappeared by itself.

Still, I need troubleshooting to restore my LAN/WAN connection on Windows ME.
 
Tell me another way to put it directly in the outer bin instead of recycling it.
 
Naqvi,

Let's back up here...as the advice you're getting is to fix things in HijackThis and HijackThis can NOT fix your infections.

Before attacking an adware/spyware problem with HijackThis make sure you have already run the following tools. Download and update the databases on each program before running.

Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Download, install & launch - Webroot SpySweeper (Trial) (8.3 MB)

When SpySweeper starts, please accept any prompts to update definitions.

Then configure it as follows:
  • From the left pane, click Options
  • Select the Sweep Options tab & ensure the following are ticked:
    • Sweep Memory
    • Sweep Registry
    • Sweep Cookies
    • Sweep All Users accounts
    • Do Not Sweep System Restore Folder
    • Enable Direct Disk Sweeping
    • Sweep For Rootkits
  • After that's done, select Sweep from the left pane & click on the Start button
  • Allow SpySweeper to reboot your machine to remove the infected files.

Once you reboot...proceed with the next step..

Download smitRem.exe and save the file to your desktop.
Double click on the file to extract it to its own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.


If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in Safe Mode by doing the following:
  1. Restart your computer
  2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  3. Instead of Windows loading as normal, a menu should appear
  4. Select the first option, to run Windows in Safe Mode.
Now scan with HJT and place a checkmark next to each of the following items and click FIX CHECKED:

O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM\msupdate32.dll


Close HiJackThis.

C:\WINDOWS\SYSTEM\kernels32.exe <--delete that file

C:\winstall.exe <--delete that file

C:\WINDOWS\SYSTEM\msupdate32.dll <--delete that file

*Note* If you can't delete the files please continue with the fix.

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.


Open Ad-aware and do a full scan. Remove all it finds.

If listed, remove the check by "View my Active desktop as a web page".
Click OK then Apply and OK.


Reboot back into Windows and click the Panda ActiveScan shortcut.
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report, along with a new HijackThis log and the contents of smitfiles.txt.
 
Failed XP installation in ME virus affected environment

After scanning, the Zero Knowledge Spyware detector provided the following report:
AVSDK Version 4.92.7
PPSDK Version 5.6.1
Key hkey_current_user\software/installAdclicker

1.0
Later I failed to install XP Prof, SP2 several times; even now I don't have access to use ME.
Fatal error:
An error has been encountered that prevents Setup from continuing.
One of the components that Windows needs to continue setup could not be installed.
Data Error (Cyclic Redundancy Check)
If you are installing from a CD, there might be a problem with the disc; try cleaning it or using another disc.
STOP:c0000221 Unknown Hard Error
\SystemRoot\System32\ntdll.dll

Here is complete log:

Setup Error Log
Error:
SXS.DLL:Syntax error in manifest or policy file "D:\I386\asms\windows\common\controls.man" on line 5.

****

Error:
Installation Failed: D:\I386\asms. Error Message: Data error (Cyclic Redundancy Check).

****

Fatal Error:
One of the components that Windows needs to continue setup could not be installed

Data error (Cyclic Redundancy Check).

If you are installing from a CD, there might be a problem with the disc; try cleaning the disc or using another disc.

If you are installing from network====
 
Fresh HJT Log after XP installation

Kindly tell me if anything needs to be cleaned, as I have 2 XP Windows installed and am not sure which one needs to be deleted. Moreover, I am still getting Messenger Service pop-ups; should I follow their instructions:
Messenger Service
System Error
www.cleanthispc.com
Buffer overrun in Messenger Service allows remote code execution,virus infection and unexpected computer shutdown.
www.Patchupdate.info

Logfile of HijackThis v1.99.1
Scan saved at 10:11:08 AM, on 1/26/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.google.ca/group/24hoursupport.helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
 
No clue, as you're not following directions. I posted a fix and asked for some logs. You've done none of it so I don't know where it stands. The log above is clean. Disable Messenger as it's not needed and you're getting SPAM messages from it.
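
The check behind "the log above is clean" can be done mechanically. The Python below is an added example, not part of the original thread or of HijackThis: it compares the five entries marked for fixing earlier in the thread with the follow-up log, matching on the entry text and on the file paths it references. The function names `parse_hjt` and `still_present` and the `CONSTRUCTED_LOG` sample are assumptions made for illustration.

```python
import re

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "R0 - ...", "O20 - ..."
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\r\n]*?\.(?:exe|dll|ocx|htm)\b', re.IGNORECASE)

# The five entries the helper asked to have fixed (copied from the thread).
FIX_LIST = r"""
O4 - HKLM\..\Run: [System] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKLM\..\RunServices: [Shell] Explorer.exe C:\WINDOWS\SYSTEM\kernels32.exe
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM\msupdate32.dll
"""

# Follow-up log posted in the thread (header lines omitted).
FOLLOW_UP_LOG = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups.google.ca/group/24hoursupport.helpdesk?lnk=li
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kav.exe" /minimize
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
"""

# Constructed sample (not from the thread): one autorun survived and one file is still running.
CONSTRUCTED_LOG = r"""
Running processes:
C:\WINDOWS\SYSTEM\KERNELS32.EXE
C:\WINDOWS\Explorer.EXE

O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
"""


def parse_hjt(text):
    """Split HijackThis log text into (running_processes, [(section, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False            # the process list ends at the first R/O entry
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return processes, entries


def paths_in(body):
    """Lower-cased file paths referenced by one entry body."""
    return {p.lower() for p in PATH_RE.findall(body)}


def still_present(fix_lines, later_log):
    """Return (section, body, reason) for each fixed entry that shows up again."""
    procs, entries = parse_hjt(later_log)
    live_entries = {(s, b.lower()) for s, b in entries}
    live_paths = {p.lower() for p in procs}
    for _, body in entries:
        live_paths |= paths_in(body)
    findings = []
    for section, body in parse_hjt(fix_lines)[1]:
        if (section, body.lower()) in live_entries:
            findings.append((section, body, "entry still listed"))
            continue
        hits = paths_in(body) & live_paths
        if hits:
            findings.append((section, body, "file still referenced: " + ", ".join(sorted(hits))))
    return findings


if __name__ == "__main__":
    for name, log in (("follow-up", FOLLOW_UP_LOG), ("constructed", CONSTRUCTED_LOG)):
        print(name, still_present(FIX_LIST, log) or "none of the fixed entries remain")
```

A match on the running-process list alone means the file was still loaded when the log was taken, even though its autorun entry is gone.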
 
I was out of net last 2 months

I was unable to contact you as my PC was not restored to connect in the ME environment. I brought a 2006 XP CD and later found it failed to install due to some bad sectors, as seen on its surface. Later I tried to restore the halted installation by putting in another XP CD (SP1). I did it twice, as during the last moments Windows asked for a password for the new user names set by me during XP installation. I never set any password for those names, so I re-installed XP-SP1 once again later.
It's a wonder how I utilized the same CD KEY# of my 2006 XP CD with my friend's XP-SP1 CD, which has done a very good job of restoring me to the outside world with a fresh complete installation.
I have updated Windows now, running ROGERS broadband instead of BELL. I have exited Windows Messenger; I don't know how to uninstall it.
I get TROJAN_TROJAN --- virus which is either quarantined/deleted by Kaspersky.
At this time, I am still in fear of having a TROJAN and want to get rid of the partially installed XP Professional.
 
Ad-Aware SE log

Ad-Aware SE Build 1.06r1
Logfile Created on:Monday, January 30, 2006 2:04:52 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R89 24.01.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Alexa(TAC index:5):10 total references
CoolWebSearch(TAC index:10):17 total references
Targetsavers(TAC index:8):1 total references
Tracking Cookie(TAC index:3):19 total references
UCmore(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-30-2006 2:04:52 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 10
Objects found so far: 10


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 10


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 19
Objects found so far: 29



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 43




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 48

2:48:58 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:44:06.556
Objects scanned:110333
Objects identified:48
Objects ignored:0
New critical objects:48
 