SirPeter

CWS

13 posts in this topic

CWShredder didn't find anything, but CWS infected some of the svchosts when I viewed them in DOS.

Anyway, I hope someone can help me out ;)

 

 

PV log thingy:

 

 

Module information for 'Explorer.EXE'

MODULE BASE SIZE PATH

Explorer.EXE 1000000 1019904 D:\WINDOWS\Explorer.EXE 6.00.2800.1106 (xpsp1.020828-1920) Windows Verkenner

ntdll.dll 77f40000 708608 D:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag

kernel32.dll 77e40000 983040 D:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client

msvcrt.dll 77be0000 339968 D:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL

ADVAPI32.dll 77da0000 643072 D:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API

RPCRT4.dll 78000000 552960 D:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime

GDI32.dll 7e180000 266240 D:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL

USER32.dll 77d10000 573440 D:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client

SHLWAPI.dll 70a70000 413696 D:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell lichtgewicht hulpprogrammabibliotheek

SHELL32.dll 77390000 8380416 D:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell

ole32.dll 7ccc0000 1196032 D:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE voor Windows

OLEAUT32.dll 770e0000 569344 D:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

BROWSEUI.dll 71500000 1036288 D:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser-bibliotheek voor gebruikersinterface

SHDOCVW.dll 71700000 1347584 D:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Objecten- en besturingselementenbibliotheek Shell Doc

UxTheme.dll 5b190000 212992 D:\WINDOWS\System32\UxTheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme

comctl32.dll 78090000 933888 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library

comctl32.dll 77300000 569344 D:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library

appHelp.dll 75ee0000 122880 D:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library

CLBCATQ.DLL 7a170000 528384 D:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53

COMRes.dll 77010000 839680 D:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77bd0000 28672 D:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

cscui.dll 765c0000 327680 D:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde

CSCDLL.dll 765a0000 110592 D:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent

themeui.dll 5ba50000 466944 D:\WINDOWS\System32\themeui.dll 6.00.2800.1106 (xpsp1.020828-1920) Windows Thema-API

Secur32.dll 76f50000 65536 D:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface

MSIMG32.dll 76320000 20480 D:\WINDOWS\System32\MSIMG32.dll 5.1.2600.1106 (xpsp1.020828-1920) GDIEXT Client DLL

USERENV.dll 75a10000 679936 D:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv

msutb.dll 60070000 196608 D:\WINDOWS\System32\msutb.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor MSUTB-server

MSCTF.dll 746a0000 278528 D:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor MSCTF-server

netapi32.dll 71bb0000 319488 D:\WINDOWS\System32\netapi32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL

urlmon.dll 1a400000 499712 D:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-extensies voor Win32

LINKINFO.dll 76930000 28672 D:\WINDOWS\System32\LINKINFO.dll 5.1.2600.0 (xpclient.010817-1148) Windows Volume Tracking

ntshrui.dll 76940000 151552 D:\WINDOWS\System32\ntshrui.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell-uitbreidingen voor delen

ATL.DLL 76ad0000 86016 D:\WINDOWS\System32\ATL.DLL 3.00.9435 ATL Module for Windows NT (Unicode)

WINTRUST.dll 76bf0000 176128 D:\WINDOWS\System32\WINTRUST.dll 5.131.2600.0 (xpclient.010817-1148) API's voor Microsoft-vertrouwenslijstcontrole

CRYPT32.dll 76260000 561152 D:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto-API32

MSASN1.dll 76240000 65536 D:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs

IMAGEHLP.dll 76c50000 139264 D:\WINDOWS\system32\IMAGEHLP.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows NT Image Helper

rsaenh.dll ffd0000 143360 D:\WINDOWS\System32\rsaenh.dll 5.1.2600.1029 (xpsp1.020426-1800) Microsoft Base Cryptographic Provider

MsgPlusH.DLL 10000000 278528 D:\Program Files\Messenger Plus! Extension\MsgPlusH.DLL 1.4.2.0

WININET.dll 63000000 618496 D:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet-extensies voor Win32

msi.dll 1200000 2101248 D:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer

WINSTA.dll 76300000 61440 D:\WINDOWS\System32\WINSTA.dll 5.1.2600.1106 (xpsp1.020828-1920) Winstation Library

webcheck.dll 74ab0000 270336 D:\WINDOWS\System32\webcheck.dll 6.00.2800.1106 (xpsp1.020828-1920) Website Monitor

stobject.dll 74a80000 131072 D:\WINDOWS\System32\stobject.dll 5.1.2600.1106 (xpsp1.020828-1920) Systray-shellserviceobject

BatMeter.dll 74a70000 36864 D:\WINDOWS\System32\BatMeter.dll 6.00.2600.0000 (xpclient.010817-1148) DLL-bestand voor helper van accumeter

POWRPROF.dll 74a50000 28672 D:\WINDOWS\System32\POWRPROF.dll 6.00.2600.0000 (xpclient.010817-1148) Power Profile Helper DLL

SETUPAPI.dll 76620000 962560 D:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API

WTSAPI32.dll 76f10000 32768 D:\WINDOWS\System32\WTSAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Terminal Server SDK APIs

NETSHELL.dll 75c90000 1658880 D:\WINDOWS\system32\NETSHELL.dll 5.1.2600.1106 (xpsp1.020828-1920) Shell voor Netwerkverbindingen

credui.dll 76bc0000 184320 D:\WINDOWS\system32\credui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface van referentiebeheer

WS2_32.dll 71a30000 86016 D:\WINDOWS\system32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71a20000 32768 D:\WINDOWS\system32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT

iphlpapi.dll 76d20000 94208 D:\WINDOWS\system32\iphlpapi.dll 5.1.2600.2 (xpsp1.020828-1920) IP-helper-API

SXS.DLL 75e30000 684032 D:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5

a2handler.dll 57800000 114688 J:\Program Files\a2\a2handler.dll

printui.dll 74b00000 544768 D:\WINDOWS\System32\printui.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor gebruikersinterface voor afdrukken

WINSPOOL.DRV 72f70000 143360 D:\WINDOWS\System32\WINSPOOL.DRV 5.1.2600.1106 (xpsp1.020828-1920) Windows Spoolerstuurprogramma

ACTIVEDS.dll 76e00000 192512 D:\WINDOWS\System32\ACTIVEDS.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor routerlaag van Active Directory

adsldpc.dll 76dd0000 151552 D:\WINDOWS\System32\adsldpc.dll 5.1.2600.1106 (xpsp1.020828-1920) ADs LDAP Provider C DLL-bestand

WLDAP32.dll 76f20000 184320 D:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL

CFGMGR32.dll 74a60000 28672 D:\WINDOWS\System32\CFGMGR32.dll 5.1.2600.0 (xpclient.010817-1148) Configuration Manager Forwarder DLL

MPR.dll 71aa0000 69632 D:\WINDOWS\system32\MPR.dll 5.1.2600.0 (xpclient.010817-1148) DLL-bestand voor multiple-providerrouter

WINMM.dll 76af0000 184320 D:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL

drprov.dll 75f00000 24576 D:\WINDOWS\System32\drprov.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Terminal Server Network Provider

ntlanman.dll 71ba0000 53248 D:\WINDOWS\System32\ntlanman.dll 5.1.2600.1106 (xpsp1.020828-1920) Microsoft® Lan Manager

NETUI0.dll 71c60000 90112 D:\WINDOWS\System32\NETUI0.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - GUI-klassen

NETUI1.dll 71c20000 245760 D:\WINDOWS\System32\NETUI1.dll 5.1.2600.0 (xpclient.010817-1148) NT LM UI Common Code - Networking classes

NETRAP.dll 71c10000 24576 D:\WINDOWS\System32\NETRAP.dll 5.1.2600.0 (xpclient.010817-1148) Net Remote Admin Protocol DLL

SAMLIB.dll 71b80000 69632 D:\WINDOWS\System32\SAMLIB.dll 5.1.2600.1106 (xpsp1.020828-1920) SAM Library DLL

davclnt.dll 75f10000 36864 D:\WINDOWS\System32\davclnt.dll 5.1.2600.0 (xpclient.010817-1148) Web DAV Client-dll

shdoclc.dll 76110000 573440 D:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc

browselc.dll 723c0000 77824 D:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface

DUSER.dll 6c6a0000 278528 D:\WINDOWS\System32\DUSER.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows DirectUser Engine

MSGINA.dll 75910000 995328 D:\WINDOWS\System32\MSGINA.dll 5.1.2600.1343 (xpsp2.040109-1800) Dll-bestand GINA voor Windows NT-aanmelding

ODBC32.dll 2160000 204800 D:\WINDOWS\System32\ODBC32.dll 3.520.9042.0 Microsoft Data Access - ODBC Driver Manager

comdlg32.dll 76350000 286720 D:\WINDOWS\system32\comdlg32.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL voor gedeelde dialoogvensters

odbcint.dll 1f850000 98304 D:\WINDOWS\System32\odbcint.dll 3.520.7713.0 Microsoft Data Access - ODBC-bronnen

wdmaud.drv 72c90000 36864 D:\WINDOWS\System32\wdmaud.drv 5.1.2600.0 (XPClient.010817-1148) WDM Audio driver mapper

msacm32.drv 72c80000 32768 D:\WINDOWS\System32\msacm32.drv 5.1.2600.0 (xpclient.010817-1148) Microsoft-geluidstoewijzing

MSACM32.dll 77bb0000 81920 D:\WINDOWS\System32\MSACM32.dll 5.1.2600.0 (xpclient.010817-1148) Audiofilter voor Microsoft Audiocompressiebeheer

midimap.dll 77ba0000 28672 D:\WINDOWS\System32\midimap.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft MIDI-mapper

AcroIEHelper.ocx 1b20000 32768 D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module

SDHelper.dll 1cb0000 765952 J:\PROGRA~1\SPYBOT~2\SDHelper.dll 1, 3, 0, 12 Bad download blocker

olepro32.dll 5f230000 106496 D:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL

asfsipc.dll 70f20000 28672 D:\WINDOWS\System32\asfsipc.dll 1.1.00.3917 ASFSipc Object

MSISIP.DLL 60a50000 53248 D:\WINDOWS\System32\MSISIP.DLL 2.0.2600.0 MSI Signature SIP Provider

wshext.dll 74e20000 65536 D:\WINDOWS\System32\wshext.dll 5.6.0.6626 Microsoft ® Shell Extension for Windows Script Host

wshNL.DLL 59100000 57344 D:\WINDOWS\System32\wshNL.DLL 5.6.0.6626 Internationale bronnen van Microsoft ® Windows Script Host

Edited by SirPeter


edit*

Go away evil text

edit*

Edited by SirPeter


Update:

Ignore my second post. I would have edited that post, but the forums won't let me use the edit button.

Internet almost died completely on me.

Cookies aren't working, smilies are dead, internet is as slow as a 28.8kb modem, CoolWebSearch is still bugging me in svchost and internet.

 

Also, I'm gonna post an HJT log in here because I don't want to hear people telling me to post a log when I'm trying to make 1 single post in 2 hours (not even kidding here).

Although I'm certain the log is clean.

 

Logfile of HijackThis v1.97.7

Scan saved at 20:41:46, on 18-6-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

J:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\WINDOWS\Explorer.EXE

J:\Program Files\Anti-Trojan-55\ATWatch.exe

D:\WINDOWS\System32\nvsvc32.exe

J:\Program Files\Grisoft\AVG6\avgcc32.exe

D:\Program Files\Winamp3\winampa.exe

D:\WINDOWS\System32\ctfmon.exe

J:\Program Files\a2\a2guard.exe

J:\Program Files\Spybot - Search & Destroy 13\TeaTimer.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\WINDOWS\System32\devldr32.exe

D:\Program Files\mIRC\mirc.exe

D:\Program Files\Internet Explorer\iexplore.exe

J:\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~2\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [MessengerPlus] "D:\Program Files\Messenger Plus! Extension\MsgPlus.exe"

O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Anti-Trojan-Watch] J:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [TrojanScanner] J:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVG_CC] J:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [DAEMON Tools-1033] "J:\Program Files\D-Tools\daemon.exe" -lang 1033

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [a²] "J:\Program Files\a2\a2guard.exe"

O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\Verjaardagen\Verjaardagen.exe auto

O4 - HKCU\..\Run: [spybotSD TeaTimer] J:\Program Files\Spybot - Search & Destroy 13\TeaTimer.exe

O4 - Global Startup: PenCam SD 2Mega Monitor.lnk = D:\Program Files\PenCam SD 2Mega\ICON.exe

O4 - Global User Startup: PenCam SD 2Mega Monitor.lnk = D:\Program Files\PenCam SD 2Mega\ICON.exe

O9 - Extra button: Free Surfer (HKLM)

O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .png: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7577.7981134259

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...250/mcfscan.cab


Update:

Kerio shows this:

Clickerdy click

 

After that I downloaded TCPView and killed the infected svchost entries and also the "cc115...:1700". After that I think I removed the CWS from active memory until a reboot, although it's not gone when I open a browser (no surprise there).

 

CWS tries to redirect pages to somewhere, see link

Clickerdy click

Maybe I'll know more if I can figure out what those ... actually should have been, when IE can give me the full path of the URL that it tries to redirect to. Don't know how to make that happen, though.

 

People on #privacy think CWS is using ADS (alternate data streams).

 

Also, someone advised me to look in my hosts file to see if there is something in it, but the only thing that's in there is the links that are blocked by Spybot, I think.

Example:

# Start of entries inserted by Spybot - Search & Destroy

127.0.0.1 coolwwwsearch.com

127.0.0.1 coolwebsearch.com

etc etc x100

Edited by SirPeter

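Added example, not part of the original post: a small Python audit of the hosts-file check described above. It separates block entries that point a name at the local machine (like the Spybot lines quoted in the post) from entries that send a name to a routable address, which is the case worth reviewing. The function name and the last two sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Names that normally resolve to the local machine and are not block entries.
LOCAL_NAMES = {"localhost"}

# Constructed sample. The Spybot marker and the two 127.0.0.1 block entries are
# the ones quoted in the post; the last two lines are invented for this example
# (203.0.113.0/24 is a documentation-only address range).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1       coolwwwsearch.com
127.0.0.1       coolwebsearch.com
203.0.113.10    search.example.test   # constructed redirect
not-an-ip       broken.example.test
"""


def audit_hosts(text):
    """Classify every entry of a hosts file.

    Returns a dict with three lists:
      sinkholed - (line_no, name): name pinned to loopback/0.0.0.0, i.e. blocked
      redirects - (line_no, name, address): name sent to a routable address
      malformed - (line_no, line): entry with a bad address or no hostname
    """
    report = {"sinkholed": [], "redirects": [], "malformed": []}

    for line_no, raw in enumerate(text.splitlines(), start=1):
        # Everything after '#' is a comment, whether full-line or inline.
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue

        addr_text, names = fields[0], fields[1:]
        try:
            addr = ipaddress.ip_address(addr_text)
        except ValueError:
            report["malformed"].append((line_no, " ".join(fields)))
            continue
        if not names:
            report["malformed"].append((line_no, " ".join(fields)))
            continue

        # Loopback (127.0.0.0/8, ::1) and 0.0.0.0 / :: never leave the machine,
        # so a name mapped there is blocked rather than redirected.
        stays_local = addr.is_loopback or addr.is_unspecified

        for name in names:
            if stays_local:
                if name.lower() not in LOCAL_NAMES:
                    report["sinkholed"].append((line_no, name))
            else:
                # Covers ordinary names and also 'localhost' remapped elsewhere.
                report["redirects"].append((line_no, name, str(addr)))

    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("blocked names :", len(result["sinkholed"]))
    for line_no, name, address in result["redirects"]:
        print(f"review line {line_no}: {name} -> {address}")
    for line_no, line in result["malformed"]:
        print(f"malformed line {line_no}: {line}")
```

A hosts file that yields only `sinkholed` entries matches what the post describes; any `redirects` entry the user did not add is the part to investigate.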

12 hour+ bump.

 

Let's hope CWS isn't gonna spread this thing like wildfire, huh. No one knows how to fix it, come on guys.


Got Firefox now, lol, at least I can browse again, but I would still like to get CWS out of my memory.

Anyone know if uninstalling IE would work or has it also attached itself to another file?


Module information for 'iexplore.exe'

MODULE BASE SIZE PATH

iexplore.exe 400000 102400 D:\Program Files\Internet Explorer\iexplore.exe 6.00.2800.1106 (xpsp1.020828-1920) Internet Explorer

ntdll.dll 77f40000 708608 D:\WINDOWS\System32\ntdll.dll 5.1.2600.1217 (xpsp2.030429-2131) DLL-bestand voor NT-laag

kernel32.dll 77e40000 983040 D:\WINDOWS\system32\kernel32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Windows NT BASE API-client

msvcrt.dll 77be0000 339968 D:\WINDOWS\system32\msvcrt.dll 7.0.2600.1106 (xpsp1.020828-1920) Windows NT CRT DLL

USER32.dll 77d10000 573440 D:\WINDOWS\system32\USER32.dll 5.1.2600.1255 (xpsp2.030804-1745) DLL-bestand voor Windows XP USER API-client

GDI32.dll 7e180000 266240 D:\WINDOWS\system32\GDI32.dll 5.1.2600.1346 (xpsp2.040109-1800) GDI Client DLL

ADVAPI32.dll 77da0000 643072 D:\WINDOWS\system32\ADVAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) Geavanceerde Windows 32 basis-API

RPCRT4.dll 78000000 552960 D:\WINDOWS\system32\RPCRT4.dll 5.1.2600.1361 (xpsp2.040109-1800) Remote Procedure Call Runtime

SHLWAPI.dll 70a70000 413696 D:\WINDOWS\system32\SHLWAPI.dll 6.00.2800.1400 Shell lichtgewicht hulpprogrammabibliotheek

SHDOCVW.dll 71700000 1347584 D:\WINDOWS\System32\SHDOCVW.dll 6.00.2800.1400 Objecten- en besturingselementenbibliotheek Shell Doc

comctl32.dll 78090000 933888 D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll 6.0 (xpsp1.020828-1920) User Experience Controls Library

SHELL32.dll 77390000 8380416 D:\WINDOWS\system32\SHELL32.dll 6.00.2800.1233 (xpsp2.030604-1804) Gemeenschappelijk DLL-bestand van Windows Shell

comctl32.dll 77300000 569344 D:\WINDOWS\system32\comctl32.dll 5.82 (xpsp1.020828-1920) Common Controls Library

ole32.dll 7ccc0000 1196032 D:\WINDOWS\system32\ole32.dll 5.1.2600.1362 (xpsp2.040109-1800) Microsoft OLE voor Windows

uxtheme.dll 5b190000 212992 D:\WINDOWS\System32\uxtheme.dll 6.00.2800.1106 (xpsp1.020828-1920) DLL-bestand Microsoft UxTheme

MSCTF.dll 746a0000 278528 D:\WINDOWS\System32\MSCTF.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor MSCTF-server

BROWSEUI.dll 71500000 1036288 D:\WINDOWS\System32\BROWSEUI.dll 6.00.2800.1400 Shell Browser-bibliotheek voor gebruikersinterface

browselc.dll 723c0000 77824 D:\WINDOWS\System32\browselc.dll 6.00.2800.1106 (xpsp1.020828-1920) Shell Browser-bibliotheek voor gebruikersinterface

appHelp.dll 75ee0000 122880 D:\WINDOWS\system32\appHelp.dll 5.1.2600.1106 (xpsp1.020828-1920) Application Compatibility Client Library

CLBCATQ.DLL 7a170000 528384 D:\WINDOWS\System32\CLBCATQ.DLL 2001.12.4414.53

OLEAUT32.dll 770e0000 569344 D:\WINDOWS\system32\OLEAUT32.dll 3.50.5016.0 Microsoft OLE 3.50 for Windows NT and Windows 95 Operating Systems

COMRes.dll 77010000 839680 D:\WINDOWS\System32\COMRes.dll 2001.12.4414.42

VERSION.dll 77bd0000 28672 D:\WINDOWS\system32\VERSION.dll 5.1.2600.0 (xpclient.010817-1148) Version Checking and File Installation Libraries

WININET.dll 63000000 618496 D:\WINDOWS\system32\WININET.dll 6.00.2800.1405 Internet-extensies voor Win32

CRYPT32.dll 76260000 561152 D:\WINDOWS\system32\CRYPT32.dll 5.131.2600.1123 (xpsp2.020921-0842) Crypto-API32

MSASN1.dll 76240000 65536 D:\WINDOWS\system32\MSASN1.dll 5.1.2600.1362 (xpsp2.040109-1800) ASN.1 Runtime APIs

Secur32.dll 76f50000 65536 D:\WINDOWS\System32\Secur32.dll 5.1.2600.1106 (xpsp1.020828-1920) Security Support Provider Interface

cscui.dll 765c0000 327680 D:\WINDOWS\System32\cscui.dll 5.1.2600.1106 (xpsp1.020828-1920) Gebruikersinterface voor caching aan clientzijde

CSCDLL.dll 765a0000 110592 D:\WINDOWS\System32\CSCDLL.dll 5.1.2600.0 (xpclient.010817-1148) Off line netwerk-agent

SETUPAPI.dll 76620000 962560 D:\WINDOWS\System32\SETUPAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) Windows Setup API

USERENV.dll 75a10000 679936 D:\WINDOWS\system32\USERENV.dll 5.1.2600.1106 (xpsp1.020828-1920) Userenv

AcroIEHelper.ocx 10000000 32768 D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx 1, 0, 0, 1 AcroIEHelper Module

SXS.DLL 75e30000 684032 D:\WINDOWS\System32\SXS.DLL 5.1.2600.1106 (xpsp1.020828-1920) Fusion 2.5

SDHelper.dll 1130000 765952 J:\PROGRA~1\SPYBOT~2\SDHelper.dll 1, 3, 0, 12 Bad download blocker

olepro32.dll 5f230000 106496 D:\WINDOWS\System32\olepro32.dll 5.0.5014 Microsoft ® OLE Property Support DLL

urlmon.dll 1a400000 499712 D:\WINDOWS\system32\urlmon.dll 6.00.2800.1400 OLE32-extensies voor Win32

shdoclc.dll 76110000 573440 D:\WINDOWS\System32\shdoclc.dll 6.00.2600.0000 (xpclient.010817-1148) Objecten- en besturingselementenbibliotheek Shell Doc

mlang.dll 746f0000 585728 D:\WINDOWS\System32\mlang.dll 6.00.2600.0000 (xpclient.010817-1148) Multi Language Support DLL

wsock32.dll 71a50000 36864 D:\WINDOWS\System32\wsock32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 32-bits DLL-bestand

WS2_32.dll 71a30000 86016 D:\WINDOWS\System32\WS2_32.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0 32-Bit DLL

WS2HELP.dll 71a20000 32768 D:\WINDOWS\System32\WS2HELP.dll 5.1.2600.0 (xpclient.010817-1148) Windows Socket 2.0-helper voor Windows NT

mswsock.dll 719d0000 245760 D:\WINDOWS\system32\mswsock.dll 5.1.2600.0 (xpclient.010817-1148) Microsoft Windows Sockets 2.0 Service-aanbieder

wshtcpip.dll 71a10000 32768 D:\WINDOWS\System32\wshtcpip.dll 5.1.2600.0 (xpclient.010817-1148) Windows Sockets Helper DLL

RASAPI32.DLL 76ea0000 225280 D:\WINDOWS\System32\RASAPI32.DLL 5.1.2600.1106 (xpsp1.020828-1920) RAS-API

rasman.dll 76e50000 69632 D:\WINDOWS\System32\rasman.dll 5.1.2600.1106 (xpsp1.020828-1920) Remote Access Connection Manager

NETAPI32.dll 71bb0000 319488 D:\WINDOWS\System32\NETAPI32.dll 5.1.2600.1343 (xpsp2.040109-1800) Net Win32 API DLL

TAPI32.dll 76e70000 176128 D:\WINDOWS\System32\TAPI32.dll 5.1.2600.1106 (xpsp1.020828-1920) DLL-bestand voor Microsoft® Windows TAPI-client

rtutils.dll 76e40000 53248 D:\WINDOWS\System32\rtutils.dll 5.1.2600.0 (xpclient.010817-1148) Routing Utilities

WINMM.dll 76af0000 184320 D:\WINDOWS\System32\WINMM.dll 5.1.2600.1106 (xpsp1.020828-1920) MCI API DLL

sensapi.dll 72240000 20480 D:\WINDOWS\System32\sensapi.dll 5.1.2600.1106 (xpsp1.020828-1920) SENS Connectivity API DLL

msi.dll 17a0000 2101248 D:\WINDOWS\System32\msi.dll 2.0.2600.1106 Windows Installer

DNSAPI.dll 76ee0000 151552 D:\WINDOWS\System32\DNSAPI.dll 5.1.2600.1106 (xpsp1.020828-1920) DNS Client API DLL

winrnr.dll 76f70000 28672 D:\WINDOWS\System32\winrnr.dll 5.1.2600.0 (xpclient.010817-1148) LDAP RnR Provider DLL

WLDAP32.dll 76f20000 184320 D:\WINDOWS\system32\WLDAP32.dll 5.1.2600.1106 (xpsp1.020828-1920) Win32 LDAP API DLL

rasadhlp.dll 76f80000 20480 D:\WINDOWS\System32\rasadhlp.dll 5.1.2600.0 (xpclient.010817-1148) Remote Access AutoDial Helper

mshtml.dll 63580000 2818048 D:\WINDOWS\System32\mshtml.dll 6.00.2800.1400 Microsoft ® HTML-viewer

 

Logfile of HijackThis v1.97.7

Scan saved at 23:24:24, on 23-6-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

J:\PROGRA~1\Grisoft\AVG6\avgserv.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe

D:\WINDOWS\runservice.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

D:\WINDOWS\Explorer.EXE

D:\Program Files\Kerio\Personal Firewall 4\kpf4gui.exe

J:\Program Files\Anti-Trojan-55\ATWatch.exe

D:\Program Files\Winamp3\winampa.exe

D:\WINDOWS\System32\ctfmon.exe

J:\Program Files\HJTHotkey\HJTHotkey.exe

D:\WINDOWS\System32\devldr32.exe

D:\Program Files\mIRC\mirc.exe

J:\Program Files\Winamp\Winamp.exe

J:\PROGRA~1\Grisoft\AVG6\AVGCC32.EXE

D:\PROGRA~1\MOZILL~1\FIREFOX.EXE

D:\Documents and Settings\SirPeter\Bureaublad\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~2\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [Anti-Trojan-Watch] J:\Program Files\Anti-Trojan-55\ATWatch.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [TrojanScanner] J:\Program Files\Trojan Remover\Trjscan.exe

O4 - HKLM\..\Run: [AVG_CC] J:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\Verjaardagen\Verjaardagen.exe auto

O9 - Extra button: Free Surfer (HKLM)

O9 - Extra 'Tools' menuitem: Free Surfer (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .png: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...director/sw.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...7577.7981134259

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload.macromedia.com/pub/shock...ash/swflash.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...250/mcfscan.cab

Edited by SirPeter


Logfile of HijackThis v1.98.0

Scan saved at 23:08:56, on 6-7-2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

D:\WINDOWS\System32\smss.exe

D:\WINDOWS\system32\csrss.exe

D:\WINDOWS\system32\winlogon.exe

D:\WINDOWS\system32\services.exe

D:\WINDOWS\system32\lsass.exe

D:\WINDOWS\system32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\System32\svchost.exe

D:\WINDOWS\system32\spoolsv.exe

D:\WINDOWS\Explorer.EXE

J:\Program Files\Grisoft\AVG6\avgcc32.exe

D:\Program Files\Winamp3\winampa.exe

D:\WINDOWS\System32\ctfmon.exe

J:\PROGRA~1\Grisoft\AVG6\avgserv.exe

J:\Program Files\DiskeeperLite\DKService.exe

D:\WINDOWS\System32\nvsvc32.exe

D:\WINDOWS\System32\devldr32.exe

D:\Program Files\Mozilla Firefox\firefox.exe

J:\Program Files\Agnitum\Tauscan 1.7\tauscan.exe

J:\Program Files\Agnitum\Tauscan 1.7\Taumon.exe

D:\Program Files\mIRC\mirc.exe

D:\Program Files\Mozilla Firefox\firefox.exe

J:\hijackthis\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen

F0 - system.ini: Shell=

F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - J:\PROGRA~1\SPYBOT~2\SDHelper.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx

O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [CloneCDElbyCDFL] "D:\Program Files\Elaborate Bytes\CloneCD\ElbyCheck.exe" /L ElbyCDFL

O4 - HKLM\..\Run: [AVG_CC] J:\Program Files\Grisoft\AVG6\avgcc32.exe /startup

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [WinampAgent] "D:\Program Files\Winamp3\winampa.exe"

O4 - HKLM\..\Run: [THGuard] "J:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [Jammer] J:\PROGRA~1\AGNITUM\JAMMER~1.0\Jammer.exe

O4 - HKLM\..\Run: [Tau Monitor] J:\PROGRA~1\AGNITUM\TAUSCA~1.7\taumon.exe

O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe

O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Verjaardagen] D:\Program Files\Verjaardagen\Verjaardagen.exe auto

O4 - HKCU\..\Run: [spySweeper] "D:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - J:\Program Files\Free Surfer\FS20.exe

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - J:\Program Files\Free Surfer\FS20.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE

O12 - Plugin for .mpeg: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll

O12 - Plugin for .png: D:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll

O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab

O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Besturing) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...250/mcfscan.cab


Format is planned for Wednesday. I've still got some time left to clean the PC before my dad gets back from holiday and does his own backups for his programs :(

Any more suggestions?
