My friend's PC in trouble

Status
Not open for further replies.

Tryin...

It d/l'ed some crap to the registry. I need help, urgent. I don't know exactly what, but CCleaner couldn't find it. Please help.
 
IDK what you mean, man. His registry is all ****ed up. I scanned with SpyMaxx (but I need to buy it to clean). Please help if you can. A program, anything. I tried CCleaner; it didn't find the bad ones.
 
K, I think I know what you mean now.

=========================================================================

This file was created by SpyMaxx on 05.31.08 10:03:04 PM

http://spymaxx.com/

=========================================================================


PRODUCT VERSION:

1.1.56

DATABASE VERSION:

1.0.1.52

SCAN MODE:

Quick Scan


*******************************

INFECTED:

84


=========================================

- DETAILED REPORT.

=========================================


*******************************

INFECTED PROCCESS:

1

*******************************


c:\windows\system32\vbpdtvdp.exe - Trojan.ADHammer



*******************************

INFECTED REGISTRY ENTRIES:

25

*******************************





*******************************

INFECTED FILES:

58

*******************************





*******************************

INFECTED COOKIES:

0

*******************************


- NOT FOUND -


*******************************

INFECTED FAVORITES:

0

*******************************


- NOT FOUND -


=========================================

- END OF FILE.
JH
 
Sorry for the triple post. But this is important:

How exactly do I work Regscrub? I clicked on Find Problems; it found quite a bit. But I don't know where to go from here. Click on Restore, or what?
 
I apologize for the triple post. But I wanted to finally be done with this virus crap.

Here's the log of what's left after restore:


=========================================================================

This file was created by SpyMaxx on 06.1.08 6:26:33 AM

http://spymaxx.com/

=========================================================================


PRODUCT VERSION:

1.1.56

DATABASE VERSION:

1.0.1.52

SCAN MODE:

Quick Scan


*******************************

INFECTED:

3


=========================================

- DETAILED REPORT.

=========================================


*******************************

INFECTED PROCCESS:

0

*******************************


- NOT FOUND -


*******************************

INFECTED REGISTRY ENTRIES:

0

*******************************


- NOT FOUND -


*******************************

INFECTED FILES:

3

*******************************


c:\windows\rundll32.vbe - CoolWebSearch
c:\windows\default.htm - Trojan.ADHammer
c:\windows\system32\hljwugsf.bin - Trojan.ADHammer

*******************************

INFECTED COOKIES:

0

*******************************


- NOT FOUND -


*******************************

INFECTED FAVORITES:

0

*******************************


- NOT FOUND -


=========================================

- END OF FILE.
JH
 
Spymaxx is a rogue antispyware app. It falsely reports that you are infected in an attempt to get you to purchase their software.

Even though you did a system restore, I suggest following my instructions to secure your system from future attacks as well as checking for previous infections. And needless to say, don't use Spymaxx. Here is some additional info: http://www.2-viruses.com/remove-spymaxx

If you really had CWS we can remove that as well.

HijackThis Instructions
  • Make sure you have the LATEST version of HJT (currently v2.0.0.2); it can be downloaded from HERE
  • Run the HijackThis Installer and it will automatically place HJT in C:\Program Files\TrendMicro\HijackThis\HijackThis.exe. Please don't change the directory.
  • After installing, the program launches automatically; select Scan now and save a log
  • After the scan is complete please attach your log onto the forums using the paper clip icon above your reply.
 