CoolWWWSearch - Gentle_Breeze
Hello there, first of all I'd like to thank the volunteers for their hard work, and secondly I'd like to earnestly ask for some assistance with removing some nasty spyware from my system.
Here is a brief description of the problem:
- Home page is redirected to about:blank
- Constant popups
- Warnings that my system is infected and that I need to download various spyware programs
- Pages are redirected continuously
- When I try to delete Home Search Assistant and Search Extender from my system I am asked to download something else
- My mouse pointer will move by itself, open my calculator and start to type numbers
- Computer is much slower than usual
I have also run several scans with spybot and deleted the following files:
CoolWWWSearch.feat2installer.ADS
CoolWWWSearch.HomeSearch
CoolWWWSearch.IELinks
CoolWWWSearch.SearchKick
CoolWWWSearch.
But the files show up every time I run a scan.
I have also run Ad-Aware many times and deleted anything that showed up, but it did not help.
Here is a copy of my HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 2:49:40 AM, on 2/1/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\WINDOWS\system32\sysgo32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\javasd32.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {263B61EA-74E2-751A-5588-7D697B89E425} - C:\WINDOWS\msla32.dll
O2 - BHO: Class - {369ABBD3-0092-8745-2028-63ADC7061F76} - C:\WINDOWS\ipvh32.dll
O2 - BHO: Class - {5088C44A-658D-F170-739A-787878D30AA1} - C:\WINDOWS\system32\mfcod.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Class - {6512EE1E-E517-1B02-0594-C2FF50F1A195} - C:\WINDOWS\ipvh32.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [sysgo32.exe] C:\WINDOWS\system32\sysgo32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
I thank you in advance for any help you can give me
Comments
===============
Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.
===============
Download AboutBuster 6:
http://www.majorgeeks.com/download4289.html
Once downloaded, unzip it, and put the folder on your desktop.
Reboot into safe mode following the instructions here.
Start AboutBuster and click Begin Removal.
When the scan is done, click Ok.
Run Ewido, and do a full scan. During the scan it will prompt you to clean files, click OK.
Save the logfile from the scan. Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan.
After running the AboutBuster scan I got the following message:
Run-time error '339'. Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid.
Here are the logfiles from the Ewido and HJT scans:
ewido anti-malware - Scan report
+ Created on: 3:18:13 AM, 2/2/2006
+ Report-Checksum: A13C7BF7
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\hedayat sharifi\Cookies\hedayat sharifi@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\hedayat sharifi\Cookies\hedayat sharifi@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
::Report End
======================
Logfile of HijackThis v1.99.1
Scan saved at 3:22:10 AM, on 2/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {369ABBD3-0092-8745-2028-63ADC7061F76} - C:\WINDOWS\ipvh32.dll (file missing)
O2 - BHO: Class - {6512EE1E-E517-1B02-0594-C2FF50F1A195} - C:\WINDOWS\ipvh32.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Thanks Again
===============
Scan with HijackThis, then check (tick) the following, if present:
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {369ABBD3-0092-8745-2028-63ADC7061F76} - C:\WINDOWS\ipvh32.dll (file missing)
O2 - BHO: Class - {6512EE1E-E517-1B02-0594-C2FF50F1A195} - C:\WINDOWS\ipvh32.dll (file missing)
Now, close all instances of Internet Explorer and any other windows you have open except HiJackThis, click "Fix checked".
===============
After rebooting, rescan with hijackthis and post back a new log. Please let me know how your pc is now.
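Added example, not part of crunchie's post or of the original thread: a short Python script that compares two HijackThis logs the way the helper does by eye here, listing entries that disappeared between scans and the "(file missing)" leftovers that still need "Fix checked". The two sample logs are abbreviated excerpts of the logs posted above; the function and variable names are this example's own.

```python
import re

# A HijackThis entry line is "<section code> - <details>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = " (file missing)"  # suffix HijackThis appends when the target file is gone


def parse_hjt(text):
    """Split a HijackThis log into (running processes, registry/startup entries)."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            body = m.group("body")
            orphan = body.endswith(MISSING)
            if orphan:
                body = body[: -len(MISSING)]
            entries.append({"code": m.group("code"), "body": body, "orphan": orphan})
        elif line.lower().startswith("running processes"):
            in_procs = True
        elif in_procs:
            processes.append(line)
    return processes, entries


def compare(before_text, after_text):
    """Report what changed between two scans (paths compared case-insensitively)."""
    procs_b, ents_b = parse_hjt(before_text)
    procs_a, ents_a = parse_hjt(after_text)
    key = lambda e: (e["code"], e["body"].lower())
    show = lambda e: f"{e['code']} - {e['body']}"
    kb = {key(e): e for e in ents_b}
    ka = {key(e): e for e in ents_a}
    pb, pa = {p.lower() for p in procs_b}, {p.lower() for p in procs_a}
    return {
        "removed": [show(kb[k]) for k in kb if k not in ka],
        "added": [show(ka[k]) for k in ka if k not in kb],
        # Registry entry survives but its file is gone: candidates for "Fix checked".
        "orphaned": [show(e) for e in ents_a if e["orphan"]],
        "processes_gone": sorted(pb - pa),
        "processes_new": sorted(pa - pb),
    }


# Abbreviated excerpts of the first and second logs in this thread (sample input).
BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sysgo32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\system32\javasd32.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {263B61EA-74E2-751A-5588-7D697B89E425} - C:\WINDOWS\msla32.dll
O2 - BHO: Class - {369ABBD3-0092-8745-2028-63ADC7061F76} - C:\WINDOWS\ipvh32.dll
O4 - HKLM\..\Run: [sysgo32.exe] C:\WINDOWS\system32\sysgo32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""
AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\ctfmon.exe
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {369ABBD3-0092-8745-2028-63ADC7061F76} - C:\WINDOWS\ipvh32.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
"""

if __name__ == "__main__":
    for section, items in compare(BEFORE, AFTER).items():
        print(f"{section}:")
        for item in items:
            print(f"  {item}")
```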
Here is the HJT log:
Logfile of HijackThis v1.99.1
Scan saved at 4:28:40 AM, on 2/2/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1138871248811
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
Thanks!!
===============
Secure your Internet Explorer by going here and following the instructions there.
Better yet, use an alternative browser! Download Firefox and give it a run. It is far more secure than Internet Explorer. Or, you can get Opera which, in my opinion, is better still.
Use a firewall to help prevent your PC's control being usurped by undesirables. There is a link to a good, free firewall in my signature.
Install and keep updated, Ewido anti-malware, Ad-Aware SE and Spybot S&D.
Run them both on a regular basis, following the manufacturer's recommendations.
Install an anti-virus. There are some good, free AV's available today. Make sure that it is updated regularly and have it scan your system often.
Check for Windows Updates. Microsoft regularly posts updates for your system's safe running. Make sure to take advantage of this. Reboot when installed and return to make sure there are no others.
Clear your Temp folders.
Clear out your Temporary internet files and other temp files.
Go to Start > Settings > Control Panel > Internet Options.
Under the General tab click the Delete temporary internet files, delete all Offline content as well. Clear out Cookies.
Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.
Empty/delete the entire contents of the C:\Windows\temp folder and C:\temp folder, if you have one. (Contents but not the folder itself.)
C:\Documents and Settings\username\Local Settings\Temp\
In order to view these files you may have to select 'show hidden files/folders.' Instructions on how to here.
Empty the Recycle Bin.
For XP users.
After something like this it is a good idea to Flush the Restore Points and start fresh.
To flush the XP system Restore Points.
Go to Start>Run and type msconfig. Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings link on the left.
Check the box labelled 'Turn off System restore'.
Reboot. Go back in and Turn System Restore Back on. A new Restore Point will be created.
Note that all previous restore points will be lost.
===============
If you have any more problems, post back.
-
Happy surfing,
crunchie.
Thanks
Thanks a lot!!
--- Report generated: 2006-02-03 00:38 ---
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\bestcounter.biz\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\skoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\windupdates.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\05p.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\clickspring.net\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\flingstone.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mt-download.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\my-internet.info\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\scoobidoo.com\*!=W=4
CoolWWWSearch.BadZoneMap: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\searchbarcash.com\*!=W=4
CoolWWWSearch.Leftovers: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\greatplugin.com\*!=W=4
CoolWWWSearch.Mupdate: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\masspass.com\*!=W=4
CoolWWWSearch.Toolband: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\isprime.com\*!=W=4
CoolWWWSearch.WinRes: Trusted Site (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\offshoreclicks.com\*!=W=4
NeedEdware: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\neededware.com\*!=W=4
Smitfraud-C.: Settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\asdbiz.biz\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cc20foreva.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fast-look.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\****-****.org\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\letgohome.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\msnprotection.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\t34rulit.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\toprefsys.com\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\visitfriend.net\*!=W=4
Smitfraud-C.: User settings (Registry change, nothing done)
HKEY_USERS\S-1-5-21-436374069-484061587-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webpidor.biz\*!=W=4
"some problems couldnt be fixed; the reason could be that the associated files are still in use (in memory)
this could be fixed after a restart"
But I get this message even after restarting and scanning again. It won't let me delete the files.
Thanks
Reboot when done. Rescan with Spybot.
NOTE. If you have used Spybot's Hosts file, you will need to reinstate it as the regfix will remove the entries.
You guys are great. I hope people appreciate the service that you guys are providing. I'm going to follow your suggestions and try and make my PC more protected.
Once again thank you for all your help, I really appreciate it!
Gentle
Stay clean
This thread is now closed. If you need it reopened, please send a PM to one of our Mods.
Include the link to the thread and detail why you need it reopened.
If this is not your thread please start a New Topic.