can't remove coolwwwsearch



marco72
2005-12-25, 18:16
hello

spybot doesn't seem to remove a coolwwwsearch variant i got today.
i start windows in safe mode and after scanning spybot says it has removed coolwwwsearch from my system. when i log in normally and start my internet explorer, i'm again redirected to "about:blank" and kaspersky antivirus detects and removes "Trojan.Win32.Agent.bi" and "Trojan-Downloader.Win32.Agent.td". these two trojans are only detected once i start the IE, otherwise kaspersky says my system is clean.
there are 3 entries always showing up under "software": HomeSearchExtender, ShoppingWizard and SearchExtender.

after spybot has finished cleaning these are gone, as soon as i start IE they are back.

here is my Hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 17:40:56, on 25.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Dokumente und Einstellungen\Psionic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\obgyc.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {7F0F2565-877E-9354-50D9-CAEBA6908734} - C:\WINDOWS\system32\iedu32.dll
O2 - BHO: Class - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - C:\WINDOWS\apivb.dll
O2 - BHO: Class - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - C:\WINDOWS\msvt32.dll
O2 - BHO: Class - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - C:\WINDOWS\system32\nthg.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124315208265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125221345453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

marco72
2005-12-25, 21:11
i have generated a new logfile, the first one i posted was while in the process of cleaning with spybot/restarting. this one here should do it:

Logfile of HijackThis v1.99.1
Scan saved at 21:09:10, on 25.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Messenger\msmsgs.exe
C:\Dokumente und Einstellungen\Psionic\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.druckwelle-hq.de/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {7F0F2565-877E-9354-50D9-CAEBA6908734} - C:\WINDOWS\system32\iedu32.dll
O2 - BHO: Class - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - C:\WINDOWS\apivb.dll
O2 - BHO: Class - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - C:\WINDOWS\msvt32.dll
O2 - BHO: Class - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - C:\WINDOWS\system32\nthg.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [apiqm.exe] C:\WINDOWS\apiqm.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124315208265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125221345453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\crpc32.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

tashi
2005-12-25, 23:08
Hello.
I moved your topic to the Malware removal forum.

Before you post a log (http://forums.spybot.info/showthread.php?t=288)



Someone will take a look as soon as available.

Cheers.

LonnyRJones
2005-12-26, 13:13
Hi marco72
Download/save aboutbuster to your desktop, extract/unzip then run the program and follow the prompts then restart the pc, post a new hijackthis log.
http://www.downloads.subratam.org/AboutBuster.zip

marco72
2005-12-26, 13:53
i have run "aboutbuster" in safe mode twice and then spybot again.
the system seems somewhat ok now but when i enter safe mode again and run aboutbuster again, it finds CWS infection again after every system restart.
aboutbuster also ends with an error message, i don't know if that's mission critical tho: "run-time error 339, component comctl32.ocx or one of its dependencies not correctly registred: a file is missing or invalid"

here is my actual hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 13:49:24, on 26.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Psionic\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7F0F2565-877E-9354-50D9-CAEBA6908734} - (no file)
O2 - BHO: (no name) - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - (no file)
O2 - BHO: (no name) - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - (no file)
O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - (no file)
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124315208265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125221345453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

LonnyRJones
2005-12-26, 14:00
Is this the first time you have used aboutbuster?
If not, redownload and run, it's been changed recently

Please disable SpybotSD TeaTimer, as it may hinder the removal of the infection.
You can enable it after you're clean.
To disable SpybotSD TeaTimer:
Open Spybot and click on Mode and check Advanced Mode
Check yes to next window.
Click on Tools in bottom left hand corner.
Click on System Startup icon.
Uncheck Teatimer box.

Don't turn it back on until we are completely finished with this thread.
Start Hijackthis and place a check next to these items if there.
O2 - BHO: (no name) - {7F0F2565-877E-9354-50D9-CAEBA6908734} - (no file)
O2 - BHO: (no name) - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - (no file)
O2 - BHO: (no name) - {B291DEE2-D9B2-592B-0C2E-27B58D348424} - (no file)
O2 - BHO: (no name) - {E064B1BE-9CE1-12FD-649D-C3AF86045971} - (no file)
====================================
Hit fix checked and close Hijackthis.
Restart the PC

Post back with another log
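
A way to do the log comparison from this thread mechanically, as an added example that is not part of the original posts: it parses HijackThis entry lines, diffs two scans, and matches O2 entries by CLSID so a BHO whose DLL was deleted but whose registration remains shows up as "changed" rather than as new. The sample lines are excerpted from the 25.12.2005 17:40:56 and 26.12.2005 13:49:24 logs above; the function names and the wording of the hints are this example's own.

```python
import re
from typing import NamedTuple, Optional


class Entry(NamedTuple):
    section: str  # HijackThis section code, e.g. "R1", "O2", "O23"
    body: str     # everything after "<section> - "


# Entry lines look like "O2 - BHO: ...". Header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text: str) -> list:
    """Return the R/F/N/O entries of a HijackThis log, in file order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def identity(e: Entry) -> tuple:
    """Key that stays the same when only the value or file state changes."""
    if e.section.startswith("R") and " = " in e.body:
        # R0/R1 can swap for the same registry value, so key on the value name.
        return ("R", e.body.split(" = ", 1)[0])
    if e.section == "O2":
        clsid = CLSID_RE.search(e.body)
        if clsid:
            return ("O2", clsid.group(0).upper())
    return (e.section, e.body)


def review_hint(e: Entry) -> Optional[str]:
    """Hint for the entry shapes that were fixed in this thread, else None."""
    if e.section in ("R0", "R1"):
        value = e.body.split(" = ", 1)[-1].lower()
        if value.startswith("res://") and ".dll" in value:
            return "IE URL setting loads a page from a local DLL resource"
    if e.section == "O2" and e.body.endswith("(no file)"):
        return "BHO still registered but its DLL is gone (orphaned CLSID)"
    if e.body.endswith("(file missing)"):
        return "registration points at a file that no longer exists"
    return None


def diff_logs(before: list, after: list) -> dict:
    """Compare two parsed scans by identity()."""
    old = {identity(e): e for e in before}
    new = {identity(e): e for e in after}
    return {
        "removed": [old[k] for k in old if k not in new],
        "added": [new[k] for k in new if k not in old],
        "changed": [(old[k], new[k]) for k in old
                    if k in new and old[k].body != new[k].body],
    }


# Excerpts from the logs posted above (not complete logs).
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\bfpld.dll/sp.html#53142%resultposition.net
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {7F0F2565-877E-9354-50D9-CAEBA6908734} - C:\WINDOWS\system32\iedu32.dll
O2 - BHO: Class - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - C:\WINDOWS\apivb.dll
"""

LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7F0F2565-877E-9354-50D9-CAEBA6908734} - (no file)
O2 - BHO: (no name) - {9FDF9F05-731F-BB1B-8038-145341EE7FEB} - (no file)
"""

if __name__ == "__main__":
    result = diff_logs(parse_log(LOG_BEFORE), parse_log(LOG_AFTER))
    for e in result["removed"]:
        print("removed:", e.section, e.body)
    for e in result["added"]:
        print("added:  ", e.section, e.body)
    for old_e, new_e in result["changed"]:
        print("changed:", new_e.section, new_e.body)
        hint = review_hint(new_e)
        if hint:
            print("         ->", hint)
```

Running the same diff between each pair of consecutive scans makes a re-added entry appear under "added", which is the symptom reported later in the thread.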

marco72
2005-12-26, 21:05
yes i used and downloaded "aboutbuster" the first time today.

i've done as you said + something:

-disabled teatimer
-started windows in safe mode
-ran "hijackthis" and fixed the 4 entries
-ran "aboutbuster" again, it again found some stuff and removed it
-ran "spybot" again, it didn't find any threats
-restarted system in normal mode
-started IE just to be sure
-made a new "hijackthis" log
-teatimer is still disabled

teatimer does indeed seem to have put the entries back in the first time, but i'm sure you're gonna tell me how to fix that :)

actual log:

Logfile of HijackThis v1.99.1
Scan saved at 21:03:51, on 26.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Psionic\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124315208265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125221345453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

LonnyRJones
2005-12-27, 02:27
Hi
Turn tea timer back on then Right click on tea timers icon near the clock in the windows taskbar > settings > there are four tabs, select and delete all those.

That last log looks fine :)

marco72
2005-12-27, 11:46
hi, that didn't work as wanted. even after deleting all the entries in the settings section, tea timer did put the bad entries back into the registry.
i did then uninstall spybot, ran aboutbuster again in safe mode and fixed the 4 entries in the hijack log and then reinstalled spybot. that did the job, the 4 entries are gone now!

what still puzzles me tho is that when i run aboutbuster now, it still finds a CWS infection and removes some STREAMS in like about 8 files. the hijackthis log seems clear tho. i still include it again.

Logfile of HijackThis v1.99.1
Scan saved at 11:51:42, on 27.12.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Programme\Microsoft IntelliPoint\point32.exe
C:\Programme\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Dokumente und Einstellungen\Psionic\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.t-online.de/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.asus.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Programme\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Programme\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Programme\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kav.exe" /minimize
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [STYLEXP] C:\Programme\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programme\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1124315208265
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125221345453
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\kavsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Programme\SiSoftware\SiSoftware Sandra Professional 2005.SR1\RpcSandraSrv.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programme\TGTSoft\StyleXP\StyleXPService.exe

LonnyRJones
2005-12-27, 16:03
I do not think leftover ADS streams will reinfect your pc.
Post then fix any ADS using Hijackthis's tools, click config > misc tools >
open ads spy > scan then save the report, select all that's found and remove them.

marco72
2005-12-27, 20:57
uhm i'm puzzled.

i ran the scan as you said (in safe mode) and when i uncheck "quickscan- windows base folder only" hijackthis finds a good few hundred files maybe with "KAVICHS" at the end of them. the log would prolly be too long to post but i read through a few of them and i know i don't want to remove some of the files :)

i did also scan the /windows folder and here is the log. i didn't remove anything yet, because i know i definitely need some of these files too.

adsspy.txt:

C:\WINDOWS\Angler.bmp : KAVICHS (36 bytes)
C:\WINDOWS\Ascd_tmp.ini : KAVICHS (36 bytes)
C:\WINDOWS\basecsp.log : KAVICHS (36 bytes)
C:\WINDOWS\Blaue Spitzen 16.bmp : KAVICHS (36 bytes)
C:\WINDOWS\bootstat.dat : KAVICHS (68 bytes)
C:\WINDOWS\clock.avi : KAVICHS (36 bytes)
C:\WINDOWS\cmsetacl.log : KAVICHS (36 bytes)
C:\WINDOWS\COM+.log : KAVICHS (36 bytes)
C:\WINDOWS\comsetup.log : KAVICHS (36 bytes)
C:\WINDOWS\DirectX.log : KAVICHS (36 bytes)
C:\WINDOWS\DtcInstall.log : KAVICHS (36 bytes)
C:\WINDOWS\explorer.exe : KAVICHS (100 bytes)
C:\WINDOWS\explorer.scf : KAVICHS (36 bytes)

LonnyRJones
2005-12-28, 00:44
Hi

Those are put there by Kaspersky, so no worry, you're fine.
If what About:Buster finds is different, post its log.
Any other questions?

marco72
2005-12-28, 19:57
Yes, I think my system is fine now.

Thank you and all the staff for the quick and competent help!!
You really saved me, I already saw myself reinstalling my system.
Special thanks for the help on X-mas holidays even!!!

Best wishes to the whole team and a FAT 2006!!!!

marco

LonnyRJones
2005-12-29, 01:37
I'm glad we could help.
Since the problems are solved, I'm going to close the topic now; this keeps others with similar problems from posting their logs/questions here. They should start a new topic.
If you should need to post another log for the same PC, let me or Tashi know.

Regards
Lonny