
Can't Remove Cool Web Search. Please Help!

Discussion in 'Virus & Other Malware Removal' started by raybob123, Oct 1, 2004.

Thread Status:
Not open for further replies.
  1. raybob123

    raybob123 Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    7
    Can someone please help me to solve my problem? I have run Ad-aware, Spybot S&D, SpywareBlaster, CWShredder, HijackThis, AboutBuster, Spyware Nuker 2004, Spyware Stormer and Norton Anti-Virus (all with the latest updates). However, every time I open Internet Explorer it still sets my home page to "about:blank" and there are tons of pop-ups. I have been working on this problem for over 5 hours already and I'm running out of options. Thanks in advance. Below is my log.



    Logfile of HijackThis v1.98.2
    Scan saved at 6:09:30 AM, on 10/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\appoe.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\WINDOWS\Q328940.log:qnbpn
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Documents and Settings\Lisa Savant\My Documents\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {14A8A5FE-B57D-0B1C-6508-01E9615DFBD7} - C:\WINDOWS\addtz.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [appoe.exe] C:\WINDOWS\appoe.exe
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...pple.com/borris/us/win/QuickTimeInstaller.exe
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab





    Lavasoft Ad-aware Professional Build 6.181
    Logfile created on :Friday, October 01, 2004 5:06:03 AM
    Using reference-file :01R342 25.09.2004
    ______________________________________________________

    Reffile status:
    =========================
    Reference file loaded:
    Reference Number : 01R342 25.09.2004
    Internal build : 276
    File location : C:\Program Files\Lavasoft\Ad-aware 6\reflist.ref
    Total size : 1347890 Bytes
    Signature data size : 1325938 Bytes
    Reference data size : 21888 Bytes
    Signatures total : 29315
    Target categories : 10
    Target families : 558

    Memory + processor status:
    ==========================
    Number of processors : 1
    Processor architecture : Intel Pentium III
    Memory available:34 %
    Total physical memory:252912 kb
    Available physical memory:85260 kb
    Total page file size:621000 kb
    Available on page file:491768 kb
    Total virtual memory:2097024 kb
    Available virtual memory:2054364 kb
    OS:

    Ad-aware Settings
    =========================
    Set : Activate in-depth scan (Recommended)
    Set : Safe mode (always request confirmation)
    Set : Scan active processes
    Set : Scan registry
    Set : Deep scan registry
    Set : Scan my IE Favorites for banned URLs
    Set : Scan within archives
    Set : Scan my Hosts file

    Extended Ad-aware Settings
    =========================
    Set : Unload recognized processes during scanning
    Set : Include basic Ad-aware settings in logfile
    Set : Include additional Ad-aware settings in logfile
    Set : Automatically mark all objects in result list
    Set : Let windows remove files in use at next reboot
    Set : Delete quarantined objects after restoring
    Set : Block Popups and banned sites
    Set : Automatically pop up event log if event occours
    Set : Show splash screen
    Set : Always back up reference file, before updating
    Set : Play sound if scan produced a result


    10-1-2004 5:06:03 AM - Scan started. (Custom mode)

    Listing running processes
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    #:1 [smss.exe]
    FilePath : \SystemRoot\System32\
    ThreadCreationTime : 10-1-2004 11:49:06 AM
    BasePriority : Normal


    #:2 [winlogon.exe]
    FilePath : \??\C:\WINDOWS\system32\
    ThreadCreationTime : 10-1-2004 11:49:09 AM
    BasePriority : High


    #:3 [services.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 10-1-2004 11:49:09 AM
    BasePriority : Normal
    FileSize : 99 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Services and Controller app
    InternalName : services.exe
    OriginalFilename : services.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:30:26 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/18/2001 12:00:00 PM

    #:4 [lsass.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 10-1-2004 11:49:09 AM
    BasePriority : Normal
    FileSize : 11 KB
    FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
    ProductVersion : 5.1.2600.1106
    CompanyName : Microsoft Corporation
    FileDescription : LSA Shell (Export Version)
    InternalName : lsass.exe
    OriginalFilename : lsass.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:29:58 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/29/2002 10:41:26 AM

    #:5 [svchost.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 10-1-2004 11:49:10 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:30:33 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/18/2001 12:00:00 PM

    #:6 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 10-1-2004 11:49:10 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:30:33 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/18/2001 12:00:00 PM

    #:7 [spoolsv.exe]
    FilePath : C:\WINDOWS\system32\
    ThreadCreationTime : 10-1-2004 11:49:12 AM
    BasePriority : Normal
    FileSize : 50 KB
    FileVersion : 5.1.2600.0 (XPClient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Spooler SubSystem App
    InternalName : spoolsv.exe
    OriginalFilename : spoolsv.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:30:31 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/18/2001 12:00:00 PM

    #:8 [defwatch.exe]
    FilePath : C:\Program Files\NavNT\
    ThreadCreationTime : 10-1-2004 11:49:13 AM
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 7.60.00.926
    ProductVersion : 7.60.00.926
    Copyright : Copyright
    CompanyName : Symantec Corporation
    FileDescription : Virus Definition Daemon
    InternalName : DefWatch
    OriginalFilename : DefWatch.exe
    ProductName : Norton AntiVirus
    Created on : 9/24/2001 2:59:00 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 9/24/2001 2:59:00 PM

    #:9 [explorer.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 10-1-2004 11:49:15 AM
    BasePriority : Normal
    FileSize : 980 KB
    FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
    ProductVersion : 6.00.2800.1106
    CompanyName : Microsoft Corporation
    FileDescription : Windows Explorer
    InternalName : explorer
    OriginalFilename : EXPLORER.EXE
    ProductName : Microsoft
    Created on : 2/26/2004 6:08:10 AM
    Last accessed : 10/1/2004 11:49:15 AM
    Last modified : 8/29/2002 10:41:24 AM

    #:10 [svchost.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 10-1-2004 11:49:15 AM
    BasePriority : Normal
    FileSize : 12 KB
    FileVersion : 5.1.2600.0 (xpclient.010817-1148)
    ProductVersion : 5.1.2600.0
    CompanyName : Microsoft Corporation
    FileDescription : Generic Host Process for Win32 Services
    InternalName : svchost.exe
    OriginalFilename : svchost.exe
    ProductName : Microsoft
    Created on : 5/23/2002 4:30:33 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 8/18/2001 12:00:00 PM

    #:11 [wanmpsvc.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 10-1-2004 11:49:15 AM
    BasePriority : Normal
    FileSize : 64 KB
    FileVersion : 7, 0, 0, 2
    ProductVersion : 7, 0, 0, 2
    Copyright : Copyright
    CompanyName : America Online, Inc.
    FileDescription : Wan Miniport (ATW) Service
    InternalName : WanMPSvc
    OriginalFilename : WanMPSvc.exe
    ProductName : America Online
    Created on : 8/27/2002 4:37:00 AM
    Last accessed : 10/1/2004 11:23:30 AM
    Last modified : 10/4/2001 12:21:52 AM

    #:12 [igfxtray.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 10-1-2004 11:49:19 AM
    BasePriority : Normal
    FileSize : 148 KB
    FileVersion : 3,0,0,1438
    ProductVersion : 7,0,0,1438
    Copyright : Copyright 1999-2001, Intel Corporation
    CompanyName : Intel Corporation
    FileDescription : igfxTray Module
    InternalName : IGFXTRAY
    OriginalFilename : IGFXTRAY.EXE
    ProductName : Intel(R) Common User Interface
    Created on : 5/23/2002 5:39:40 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 1/30/2002 5:33:14 AM

    #:13 [hkcmd.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 10-1-2004 11:49:19 AM
    BasePriority : Normal
    FileSize : 104 KB
    FileVersion : 3,0,0,1438
    ProductVersion : 7,0,0,1438
    Copyright : Copyright 1999-2001, Intel Corporation
    CompanyName : Intel Corporation
    FileDescription : hkcmd Module
    InternalName : HKCMD
    OriginalFilename : HKCMD.EXE
    ProductName : Intel(R) Common User Interface
    Created on : 5/23/2002 5:39:39 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 1/30/2002 5:25:20 AM

    #:14 [apoint.exe]
    FilePath : C:\Program Files\Apoint2K\
    ThreadCreationTime : 10-1-2004 11:49:19 AM
    BasePriority : Normal
    FileSize : 120 KB
    FileVersion : 5.3.5.122
    ProductVersion : 5.3.5.122
    Copyright : Copyright (C) 1999-2002 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver
    InternalName : Alps Pointing-device Driver
    OriginalFilename : Apoint.exe
    ProductName : Alps Pointing-device Driver
    Created on : 3/29/2002 9:40:18 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 3/29/2002 9:40:18 PM

    #:15 [tptray.exe]
    FilePath : C:\Program Files\TOSHIBA\TouchPadNF\
    ThreadCreationTime : 10-1-2004 11:49:19 AM
    BasePriority : Normal
    FileSize : 44 KB
    FileVersion : 1, 8, 0, 1
    ProductVersion : 1, 8, 0, 1
    Copyright : Copyright 2002 Compal Electronic Inc.
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : TPTray Application
    InternalName : TPTray
    OriginalFilename : TPTray.EXE
    ProductName : TPTray Application
    Created on : 5/15/2002 12:23:20 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 5/15/2002 12:23:20 PM

    #:16 [cepmtray.exe]
    FilePath : C:\WINDOWS\System32\
    ThreadCreationTime : 10-1-2004 11:49:19 AM
    BasePriority : Normal
    FileSize : 112 KB
    FileVersion : 1, 8, 0, 2
    ProductVersion : 1, 8, 0, 2
    Copyright : Copyright (C) 2001
    CompanyName : Compal Electronic Inc,
    FileDescription : CeTray MFC Application
    InternalName : CeTray
    OriginalFilename : CeTray.EXE
    ProductName : CeTray Application
    Created on : 5/23/2002 6:25:32 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 5/15/2002 12:28:12 PM

    #:17 [ceekey.exe]
    FilePath : C:\Program Files\TOSHIBA\E-KEY\
    ThreadCreationTime : 10-1-2004 11:49:20 AM
    BasePriority : Normal
    FileSize : 340 KB
    FileVersion : 1, 8, 0, 2
    ProductVersion : 1, 8, 0, 2
    Copyright : Copyright 2002 Compal Electronic Inc.
    CompanyName : COMPAL ELECTRONIC INC.
    FileDescription : Hot Key Utility
    InternalName : E_Key
    OriginalFilename : CeEKey.EXE
    ProductName : EKey Application
    Created on : 5/17/2002 7:18:48 AM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 5/17/2002 7:18:48 AM

    #:18 [pinger.exe]
    FilePath : C:\toshiba\ivp\ism\
    ThreadCreationTime : 10-1-2004 11:49:20 AM
    BasePriority : Normal
    FileSize : 156 KB
    FileVersion : 3.3
    ProductVersion : 3.3
    CompanyName : Toshiba Corporation
    FileDescription : Toshiba Pinger
    InternalName : PINGER
    OriginalFilename : PINGER.EXE
    ProductName : Software Upgrades
    Created on : 5/23/2002 6:30:12 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 1/25/2002 6:26:54 PM

    #:19 [ybrwicon.exe]
    FilePath : C:\Program Files\Yahoo!\browser\
    ThreadCreationTime : 10-1-2004 11:49:20 AM
    BasePriority : Normal
    FileSize : 56 KB
    FileVersion : 2003, 7, 11, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright
    CompanyName : Yahoo!, Inc.
    FileDescription : YBrwIcon
    InternalName : YBrwIcon
    OriginalFilename : YBrwIcon.exe
    ProductName : Yahoo!, Inc. YBrwIcon
    Created on : 10/12/2003 1:11:04 AM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 7/11/2003 9:51:16 PM

    #:20 [realsched.exe]
    FilePath : C:\Program Files\Common Files\Real\Update_OB\
    ThreadCreationTime : 10-1-2004 11:49:20 AM
    BasePriority : Normal
    FileSize : 176 KB
    FileVersion : 0.1.0.3034
    ProductVersion : 0.1.0.3034
    Copyright : Copyright
    CompanyName : RealNetworks, Inc.
    FileDescription : RealNetworks Scheduler
    InternalName : schedapp
    OriginalFilename : realsched.exe
    ProductName : RealPlayer (32-bit)
    Created on : 6/11/2004 2:54:27 AM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 6/11/2004 2:54:27 AM

    #:21 [appoe.exe]
    FilePath : C:\WINDOWS\
    ThreadCreationTime : 10-1-2004 11:49:20 AM
    BasePriority : Normal
    FileSize : 26 KB
    Created on : 9/10/2004 4:11:14 PM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 9/10/2004 4:11:14 PM

    #:22 [companion.exe]
    FilePath : C:\Program Files\AOL Companion\
    ThreadCreationTime : 10-1-2004 11:49:31 AM
    BasePriority : Normal
    FileSize : 212 KB
    FileVersion : 1, 0, 120, 1
    ProductVersion : 1, 0, 120, 1
    Copyright : Copyright 2002
    FileDescription : Companion Module
    InternalName : Companion
    OriginalFilename : Companion.EXE
    ProductName : Companion Module
    Created on : 10/29/2002 6:39:06 AM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 10/22/2002 10:22:24 PM

    #:23 [ycommon.exe]
    FilePath : C:\PROGRA~1\Yahoo!\browser\
    ThreadCreationTime : 10-1-2004 11:49:32 AM
    BasePriority : Normal
    FileSize : 208 KB
    FileVersion : 2003, 7, 14, 1
    ProductVersion : 1, 0, 0, 1
    Copyright : Copyright 2003 Yahoo! Inc.
    CompanyName : Yahoo!, Inc.
    FileDescription : YCommon Exe Module
    InternalName : YCommonExe
    OriginalFilename : YCommon.EXE
    ProductName : YCommon Exe Module
    Created on : 10/12/2003 1:10:05 AM
    Last accessed : 10/1/2004 11:49:06 AM
    Last modified : 7/14/2003 4:55:44 PM

    #:24 [apntex.exe]
    FilePath : C:\Program Files\Apoint2K\
    ThreadCreationTime : 10-1-2004 11:49:32 AM
    BasePriority : Normal
    FileSize : 32 KB
    FileVersion : 5.0.1.13
    ProductVersion : 5.0.1.13
    Copyright : Copyright (C) 1998-2001 Alps Electric Co., Ltd.
    CompanyName : Alps Electric Co., Ltd.
    FileDescription : Alps Pointing-device Driver for Windows NT/2000
    InternalName : Alps Pointing-device Driver for Windows NT/2000
    OriginalFilename : ApntEx.exe
    ProductName : Alps Pointing-device Driver for Windows NT/2000
    Created on : 7/13/2001 5:44:24 PM
    Last accessed : 10/1/2004 11:49:32 AM
    Last modified : 7/13/2001 5:44:24 PM

    #:25 [qnbpn]
    FilePath : C:\WINDOWS\Q328940.log:
    ThreadCreationTime : 10-1-2004 11:49:33 AM
    BasePriority : Normal


    #:26 [ad-aware.exe]
    FilePath : C:\Program Files\Lavasoft\Ad-aware 6\
    ThreadCreationTime : 10-1-2004 12:05:55 PM
    BasePriority : Normal
    FileSize : 724 KB
    FileVersion : 6.0.1.183
    ProductVersion : 6.0.0.0
    Copyright : Copyright
    CompanyName : Lavasoft Sweden
    FileDescription : Ad-aware 6 core application
    InternalName : Ad-aware.exe
    OriginalFilename : Ad-aware.exe
    ProductName : Lavasoft Ad-aware Plus
    Created on : 9/30/2004 11:53:47 PM
    Last accessed : 10/1/2004 12:05:55 PM
    Last modified : 7/13/2003 5:01:58 AM

    Memory scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Started deep registry scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    Deep registry scan result :
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 0


    Deep scanning and examining files (C:)
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    CoolWebSearch Object recognized!
    Type : File
    Data : addkl32.dll
    Category : Malware
    Comment :
    Object : C:\WINDOWS\system32\
    FileSize : 10 KB
    Created on : 9/29/2004 10:50:27 PM
    Last accessed : 10/1/2004 12:25:55 PM
    Last modified : 9/29/2004 10:50:27 PM



    Disk scan result for C:\
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 0
    Objects found so far: 1


    Performing conditional scans..
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯

    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE


    CoolWebSearch Object recognized!
    Type : RegKey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_LOCAL_MACHINE
    Object : SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW


    Conditional scan result:
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    New objects : 3
    Objects found so far: 4


    5:27:09 AM Scan complete

    Summary of this scan
    ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
    Total scanning time :00:21:05:510
    Objects scanned :227562
    Objects identified :4
    Objects ignored :0
    New objects :4





    Scanned at: 6:22:59 AM on: 10/1/2004


    -- Scan 1 ---------------------------
    About:Buster Version 3.0
    Reference List : 15

    No ADS found on system
    Removed 5 Random Key Entries
    Deleted 1 Service Keys Successfully!
    Removed! : C:\WINDOWS\System32\mfcol.dll
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!

    -- Scan 2 ---------------------------
    About:Buster Version 3.0
    Reference List : 15

    No ADS found on system
    Removed 4 Random Key Entries
    Attempted Clean Of Temp folder.
    Removed Uninstall Key (HSA)
    Removed Uninstall Key (SE)
    Removed Uninstall Key (SW)
    Pages Reset... Done!
     
  2. $teve

    $teve

    Joined:
    Oct 9, 2001
    Messages:
    9,396
    Hi.......both Spyware Nuker and SpywareStormer are scamware programs......totally useless....I would advise you to remove them both.
    ================================================
    Run hijackthis again and put a checkmark against these entries....double check
    in case you miss anything....
    .....then,close all browser and outlook windows including this one and "fix checked"

    O2 - BHO: (no name) - {14A8A5FE-B57D-0B1C-6508-01E9615DFBD7} - C:\WINDOWS\addtz.dll
    O4 - HKLM\..\Run: [appoe.exe] C:\WINDOWS\appoe.exe
    O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52...meInstaller.exe



    Reboot into safe mode by following instructions here: http://helpdesk.its.bethel.edu/resnet/Documents/Antivirus/Safemode.html
    then as some of the files or folders you need to delete may be hidden do this:
    Open Windows Explorer & go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked. Also uncheck "Hide protected operating system files" and untick "Hide extensions for known file types". Now click "Apply to all folders".
    Click "Apply" then "OK"

    Locate and delete:
    C:\WINDOWS\appoe.exe
    C:\WINDOWS\Q328940.log:qnbpn

    ==============================
    Empty the Recycle Bin.

    Open Internet Explorer. Click on "Tools" > "Internet Options" and delete temp internet files.
    And clean out your %Userprofile%\Local Settings\Temp
    folder. [It's a good idea to do that regularly.]
    ==============================
    Turn off System Restore:

    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.
    Restart your computer and post an updated HijackThis log.

    When you are sure you are clean turn it back on and create a restore point.
     
  3. raybob123

    raybob123 Thread Starter

    Joined:
    Sep 8, 2004
    Messages:
    7
    $teve, thank you for your response. I have followed your instructions and uninstalled Spyware Nuker 2004 and Spyware Stormer. I also ran HijackThis again. However, the home page still shows up as "about:blank" and pop-ups are still coming up. Would you be kind enough to tell me what I should do next, please? Thanks in advance. Below is the new log.






    Logfile of HijackThis v1.98.2
    Scan saved at 10:41:12 AM, on 10/1/2004
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    C:\WINDOWS\System32\CePMTray.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\toshiba\ivp\ism\pinger.exe
    C:\Program Files\Yahoo!\browser\ybrwicon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\ypager.exe
    C:\PROGRA~1\Yahoo!\browser\ycommon.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\AOL Companion\companion.exe
    C:\Program Files\NavNT\defwatch.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\Documents and Settings\Lisa Savant\My Documents\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {92120654-CD35-8954-1537-350A71236991} - C:\WINDOWS\system32\mfcoc32.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn0\ycomp5_3_12_0.dll (file missing)
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPadNF\TPTray.exe
    O4 - HKLM\..\Run: [CeEPOWER] C:\WINDOWS\System32\CePMTray.exe
    O4 - HKLM\..\Run: [CeEKey.exe] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
    O4 - HKLM\..\Run: [ISLP2STA.EXE] ISLP2STA.EXE START
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [YBrowser] C:\Program Files\Yahoo!\browser\ybrwicon.exe
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\SBC Yahoo!\Connection Manager\IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - Global Startup: America Online 8.0 Tray Icon.lnk = C:\Program Files\America Online 8.0\aoltray.exe
    O4 - Global Startup: AOL Companion.lnk = C:\Program Files\AOL Companion\companion.exe
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
    O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\common\ylogin.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
    O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://us.games2.yimg.com/download.games.yahoo.com/games/play/client/exentctl_0_0_0_1.ocx
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
    O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/autocomplete.cab
     
  4. buckaroo

    buckaroo

    Joined:
    Mar 25, 2001
    Messages:
    3,334
    Try checking this entry in HJT:

    O2 - BHO: (no name) - {92120654-CD35-8954-1537-350A71236991} - C:\WINDOWS\system32\mfcoc32.dll

    ...and then click Fix.

    Also, you should disable Windows Messenger.

    Go to Start -> Programs. Go to Windows Messenger > Tools > Options > Preferences and uncheck "Run this program when Windows starts".

    Reboot and post a new log, okay?

    :)
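
Added example, not part of the original thread: a Python sketch of the triage the helpers above do by eye, run over excerpts trimmed from the two HijackThis logs posted here. It flags a process running from an NTFS alternate data stream, an unnamed BHO and a Run entry launching from the Windows root, then compares the two logs to show what was cleared and what newly appeared. The function names and the three heuristics are assumptions chosen for illustration, not HijackThis features, and the heuristics are triage cues rather than verdicts.

```python
import re

# Excerpts trimmed from the two HijackThis logs posted in this thread.
LOG_BEFORE = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\appoe.exe
C:\WINDOWS\Q328940.log:qnbpn

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {14A8A5FE-B57D-0B1C-6508-01E9615DFBD7} - C:\WINDOWS\addtz.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [appoe.exe] C:\WINDOWS\appoe.exe
"""

LOG_AFTER = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {92120654-CD35-8954-1537-350A71236991} - C:\WINDOWS\system32\mfcoc32.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

# HijackThis section codes: R0-R3, F0-F3, N1-N4, O1 and up.
ENTRY_RE = re.compile(r"^(O\d+|R\d|F\d|N\d) - (.*)$")
# An executable sitting directly in the Windows root, not in a subfolder.
WINROOT_EXE_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+\.exe", re.I)


def parse_hjt(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_procs = False
            entries.append((m.group(1), m.group(2)))
        elif in_procs and line:
            processes.append(line)
    return {"processes": processes, "entries": entries}


def triage(parsed):
    """Return (reason, path) pairs worth a closer look (assumed heuristics)."""
    findings = []
    for path in parsed["processes"]:
        # A second colon after the drive letter means "file:stream", i.e. the
        # image was started from an alternate data stream of another file.
        if ":" in path[2:]:
            findings.append(("ads-process", path))
    for code, body in parsed["entries"]:
        if code == "O2" and body.startswith("BHO: (no name)"):
            findings.append(("unnamed-bho", body.rsplit(" - ", 1)[-1]))
        elif code == "O4":
            target = body.split("] ", 1)[-1].strip('"')
            if WINROOT_EXE_RE.fullmatch(target):
                findings.append(("run-from-windows-root", target))
    return findings


def diff_entries(before, after):
    """Entries that disappeared from, or newly appeared in, the later log."""
    b, a = set(before["entries"]), set(after["entries"])
    return {"removed": sorted(b - a), "added": sorted(a - b)}


def new_findings(before, after):
    """Findings in the later log that were not present in the earlier one."""
    old = set(triage(before))
    return [f for f in triage(after) if f not in old]


if __name__ == "__main__":
    first, second = parse_hjt(LOG_BEFORE), parse_hjt(LOG_AFTER)
    for reason, path in triage(first):
        print("first log :", reason, path)
    for code, body in diff_entries(first, second)["removed"]:
        print("cleared   :", code, body)
    for reason, path in new_findings(first, second):
        print("new       :", reason, path)
```

On these excerpts the comparison shows the addtz.dll BHO and the appoe.exe Run entry gone from the second log, while a different unnamed BHO (mfcoc32.dll) has appeared.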
     
Short URL to this thread: https://techguy.org/279911
