Persistent Cool Web Search and ICanNews

Discussion in 'Malware Help (A Specialist Will Reply)' started by Rockinbaldman, Jul 14, 2005.

  1. Rockinbaldman

    Rockinbaldman Private E-2

    At one time I was so inundated with adware, spyware, and at least a couple of trojans that my machine would just lock up. I followed the steps you laid out before posting, and my list of problems is significantly shorter. Thank you very much! I'm hoping that you will request my Hijackthis! logfile and help me to get rid of these last two (as far as I can tell) issues that continue to plague me. CWShredder finds either VX2.Look2Me or CWS.Look2Me every time I run it without fail, in either normal or safe mode. Likewise, the dUtime.dll won't go away, and I can't change the file name or delete it, even in safe mode. If you would be so kind as to help me get this, and anything else that I might have overlooked, off of my machine, I will be eternally grateful.
     
  2. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Download HijackThis 1.99.1

    Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the ZIP file as your backups will not be safely stored.

    Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    Run HijackThis and save your log file.

    Post your log as an ATTACHMENT to your next post. (Do NOT copy/paste the log into your post as it will be removed).

    Need help with HJT? See this thread: NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting
     
  3. Rockinbaldman

    Rockinbaldman Private E-2

    OK, here is my attached logfile, please bear with me, I'm a newbie...
     


  4. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Scan with HijackThis and Check the Boxes for the following:

    Make sure All Browser Windows are Closed when you Click FIX.

    O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO

    O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} -
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://impacnet.webex.com/client/v_mywebex/webex/ieatgpc.cab
    O16 - DPF: {FC67BB52-AAB6-4282-9D51-2DAFFE73AFD0} - http://download.spyspotter.com/spyspotter/SpSp29952.40opt/SpySpotterCabInstall.cab

    O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\IMPACM~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q2RHGCLA\cwshredder[1].exe (file missing)
    O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
    O23 - Service: Medcin - Unknown owner - C:\MEDCINDB\medcinserv (file missing)

    Again, make sure All Browser Windows are Closed when you Click FIX.

    NEXT:
    Run CCleaner to clean up cookies and temp files.

    Run full scans with Ad-Aware SE & Spybot S&D and have both programs fix what they find.
    Note: Remember to get all updates before doing the scans.

    Then, as an added precaution, Go to Start > Run and type: cleanmgr and then click OK. Make sure the boxes for these are checked:
    Temporary Files
    Temporary Internet Files
    Recycle Bin


    And Click OK.


    After you complete ALL of the above, reboot and post a fresh HJT log. Also, let me know what problems remain; your log wasn't that bad.
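
An added example, not part of the original post or of HijackThis: a small triage script that parses O16 and O23 lines in the format quoted above and flags entries that look orphaned. The heuristics (no download source, binary missing, path under a temp directory) and the "Example Service" line are assumptions made for illustration; they flag entries for review and do not reproduce the full selection made in the post.

```python
import re

# Constructed sample: entries quoted in this thread plus one made-up healthy service.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O16 - DPF: {9C024426-7859-4B2D-AB4C-B1E370AE7549} -
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://impacnet.webex.com/client/v_mywebex/webex/ieatgpc.cab
O23 - Service: CWShredder Service - Unknown owner - C:\DOCUME~1\IMPACM~1\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\Q2RHGCLA\cwshredder[1].exe (file missing)
O23 - Service: mcupdmgr.exe - Unknown owner - (no file)
O23 - Service: Medcin - Unknown owner - C:\MEDCINDB\medcinserv (file missing)
O23 - Service: Example Service - Example Corp - C:\Program Files\Example\svc.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")                       # "O23 - <body>"
DPF = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})(?: \((.*?)\))? -\s*(.*)$")
SERVICE = re.compile(r"^Service: (.+?) - (.+?) - (.*)$")         # name - owner - target
TEMP_DIR = re.compile(r"\\(temp|temporary internet files)\\", re.I)

def triage(log_text):
    """Return (section, name, reasons) for entries worth a manual look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        section, body = m.groups()
        name, reasons = None, []
        if section == "O16":
            d = DPF.match(body)
            if d and not d.group(3):          # ActiveX entry with an empty source
                name, reasons = d.group(1), ["no download source recorded"]
        elif section == "O23":
            s = SERVICE.match(body)
            if s:
                name, _owner, target = s.groups()
                if target.endswith("(file missing)") or target == "(no file)":
                    reasons.append("binary not on disk")
                if TEMP_DIR.search(target):
                    reasons.append("path under a temp directory")
        if reasons:
            findings.append((section, name, reasons))
    return findings

if __name__ == "__main__":
    for section, name, reasons in triage(SAMPLE_LOG):
        print(f"{section}  {name}: {', '.join(reasons)}")
```

A service whose display name itself contains " - " would be split in the wrong place by this pattern, so treat the parsed name as a hint and check the full line.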
     
  5. Rockinbaldman

    Rockinbaldman Private E-2

    Thanks for the help, I did as instructed, and ran everything twice for good measure. The only thing that is still there is the entry below.

    O23 - Service: mcupdmgr.exe - Unknown owner - (no file)

    I have attached my most recent log.
     


  6. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    Your log is clean!

    Are you having any further problems?
     
  7. Rockinbaldman

    Rockinbaldman Private E-2

    Everything seems to be working alright, maybe a little slow because of all the anti-spyware software I have running in the background. If you have any advice as to what I should and should not be running, I'd appreciate it.

    Overall, thank you very much for a job well done.
     
  8. bjgarrick

    bjgarrick MajorGeeks Admin - Malware Expert

    You're welcome! :)

    Glad things are getting back to normal. About the programs, see this thread on How to Protect yourself from malware!
     
