TechSpot

My friend's PC in trouble

By Tryin...
May 31, 2008
  1. It d.l'ed some crap to the registry. I need help, urgent. I don't know exactly what, but CCleaner couldn't find it. Please help.
     
  2. 10yrtech

    10yrtech TS Rookie

    Post a HijackThis log please.
     
  3. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    IDK what you mean, man. His registry is all ****ed up. I scanned with Spymaxx (but I need to buy it to clean). Please help if you can. A program, anything. I tried CCleaner; it didn't find the bad ones.
     
  4. 10yrtech

    10yrtech TS Rookie

    Download Regscrub XP and clean everything that it finds.
     
  5. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    K, I think I know what you mean now.

    =========================================================================

    This file was created by SpyMaxx on 05.31.08 10:03:04 PM

    http://spymaxx.com/

    =========================================================================


    PRODUCT VERSION:

    1.1.56

    DATABASE VERSION:

    1.0.1.52

    SCAN MODE:

    Quick Scan


    *******************************

    INFECTED:

    84


    =========================================

    - DETAILED REPORT.

    =========================================


    *******************************

    INFECTED PROCCESS:

    1

    *******************************


    c:\windows\system32\vbpdtvdp.exe - Trojan.ADHammer



    *******************************

    INFECTED REGISTRY ENTRIES:

    25

    *******************************





    *******************************

    INFECTED FILES:

    58

    *******************************





    *******************************

    INFECTED COOKIES:

    0

    *******************************


    - NOT FOUND -


    *******************************

    INFECTED FAVORITES:

    0

    *******************************


    - NOT FOUND -


    =========================================

    - END OF FILE.
    JH
     
  6. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    Sorry for the triple post. But this is important:

    How exactly do I work Regscrub? I clicked on Find Problems, and it found quite a bit. But I don't know where to go from here. Click on Restore, or what?
     
  7. 10yrtech

    10yrtech TS Rookie

    Also get SUPERAntiSpyware and run it also.
     
  8. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    I did, thx for the help, man. The trojan and stuff isn't gone tho. How do I get rid of that?
     
  9. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    I got it, guys! I was able to system restore. Thx anyway tho.
     
  10. Tryin...

    Tryin... TS Rookie Topic Starter Posts: 27

    I apologize for the triple post. But I wanted to finally be done with this virus crap.

    Here's the log of what's left after restore:


    =========================================================================

    This file was created by SpyMaxx on 06.1.08 6:26:33 AM

    http://spymaxx.com/

    =========================================================================


    PRODUCT VERSION:

    1.1.56

    DATABASE VERSION:

    1.0.1.52

    SCAN MODE:

    Quick Scan


    *******************************

    INFECTED:

    3


    =========================================

    - DETAILED REPORT.

    =========================================


    *******************************

    INFECTED PROCCESS:

    0

    *******************************


    - NOT FOUND -


    *******************************

    INFECTED REGISTRY ENTRIES:

    0

    *******************************


    - NOT FOUND -


    *******************************

    INFECTED FILES:

    3

    *******************************


    c:\windows\rundll32.vbe - CoolWebSearch
    c:\windows\default.htm - Trojan.ADHammer
    c:\windows\system32\hljwugsf.bin - Trojan.ADHammer

    *******************************

    INFECTED COOKIES:

    0

    *******************************


    - NOT FOUND -


    *******************************

    INFECTED FAVORITES:

    0

    *******************************


    - NOT FOUND -


    =========================================

    - END OF FILE.
    JH
     
  11. Blind Dragon

    Blind Dragon TS Evangelist Posts: 3,908

    Spymaxx is a rogue antispyware app. It reports falsely that you are infected in an attempt to get you to purchase their software.

    Even though you did a system restore, I suggest following my instructions to secure your system from future attacks as well as checking for previous infections. And, needless to say, don't use Spymaxx. Here is some additional info: http://www.2-viruses.com/remove-spymaxx

    If you really had CWS we can remove that as well.

    HijackThis Instructions
    • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE.
    • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
    • After installing, the program launches automatically; select Scan now and save a log.
    • After the scan is complete, please attach your log onto the forums using the paper clip icon above your reply.
     
Topic Status:
Not open for further replies.
