View Full Version : "Command Service" removal attempt, my logit.txt and hijackthis output
henkemeyer
2006-04-02, 08:30
Spybot could not remove "Command Service", so I downloaded "ren-cmdservice", and ran it. Here is the contents of logit.txt, followed by my output of HijackThis:
Running from C:\Documents and Settings\David.YODA\Desktop\ren-cmdservice
-----------------
Folder Present C:\WINXPPRO\RGF2aWQgSGVua2VtZXllcg
-----------------
Original perms.
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Read NT AUTHORITY\INTERACTIVE
Full access BUILTIN\Administrators
-----------------
Adjusted permisions
RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
This program is Freeware, use it on your own risk!
Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
Full access BUILTIN\Administrators
Full access NT AUTHORITY\INTERACTIVE
Read BUILTIN\Users
Read BUILTIN\Power Users
Full access NT AUTHORITY\SYSTEM
-----------------
Deleting cmdservie key
[SWSC] DeleteService SUCCESS
Delete Network Monitor if present
[SWSC] DeleteService FAIL
-----------------
Commandline utilities (SWReg and SWSC)
Written by Bobbi Flekman © 2005
-----------------
A Backup made was made, bakhive
Finised, Post the logit.txt then restart your PC please
ren-cmdservice.bat edited 2-4-2006
-----------------
Output of HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 10:29:59 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINXPPRO\System32\smss.exe
C:\WINXPPRO\system32\winlogon.exe
C:\WINXPPRO\system32\services.exe
C:\WINXPPRO\system32\lsass.exe
C:\WINXPPRO\system32\svchost.exe
C:\WINXPPRO\System32\svchost.exe
C:\WINXPPRO\system32\spoolsv.exe
C:\WINXPPRO\System32\Ati2evxx.exe
C:\WINXPPRO\System32\CTsvcCDA.exe
C:\WINXPPRO\System32\svchost.exe
C:\WINXPPRO\System32\MsPMSPSv.exe
C:\WINXPPRO\Explorer.EXE
C:\WINXPPRO\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINXPPRO\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINXPPRO\system32\slk8x2peu.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINXPPRO\system32\e6tw76cpw.exe
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\dvd2avi\DVD2AVI.exe
C:\WINXPPRO\system32\cmd.exe
C:\WINXPPRO\system32\cmd.exe
C:\WINXPPRO\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\David.YODA\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINXPPRO\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142062441124
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5FC94F-6E4B-4A8A-BD56-AA1BFC3C01B2}: NameServer = 192.168.1.1
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXPPRO\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXPPRO\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks for all the great work you guys do!
hi
hi
Welcome,
Please follow the instructions provided, you may want to print out these instructions and use them as a reference.
Please download ewido anti malware (http://www.ewido.net/en/download/) it is a free version of the program.
Install ewido security suite
When installing, under "Additional Options" uncheck..
Install background guard
Install scan via context menu
Launch ewido, there should be an icon on your desktop, double-click it.
The program will now open to the main screen.
When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
You will need to update ewido to the latest definition files.
On the left hand side of the main screen click update.
Then click on Start Update.
The update will start and a progress bar will show the updates being installed.
(the status bar at the bottom will display ("Update successful")
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates (http://www.ewido.net/en/download/updates/)
Once the updates are installed do the following:
reboot your computer in SafeMode by doing the following:
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.
then launch ewido:
Click on scanner
Click on Complete System Scan and the scan will begin.
You will be prompted to clean the first infection.
Select "Perform action on all infections", then proceed.
Once the scan has completed, there will be a button located on the bottom of the screen named Save report
Click Save report.
Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti malware.
reboot back to normal mode, post the ewido report and a log from a fresh hjt scan
NOTE your hiajckthis seems to be running from a temp directory
before using it to fix anything it must be unzipped to a permanent directory, such as your desktop
henkemeyer
2006-04-04, 06:54
Thanks again for your help. Here is the ewido report and output from HJT (I installed it onto my desktop as you advised):
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 9:43:06 PM, 4/3/2006
+ Report-Checksum: 3FBCA435
+ Scan result:
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1417001333-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-21-1417001333-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ehg-verizoncommunications.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Administrator.YODA\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.10:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.14:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.34:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.35:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.36:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.37:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.47:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5db50b5e-6470bf47.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-28b7d374-36cdb914.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@1800search.com.19522.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkowodzclqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkyuocpagqq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1mczkcpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1pcpwkqawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1pczikpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad.adition[3].txt -> TrackingCookie.Adition : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiaodpedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiopazmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiqidzohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wfkocodpwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wfkyulc5ckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wflikpczaeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wgkikgdzedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wgmyejdjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
henkemeyer
2006-04-04, 06:55
C:\Documents and Settings\David\Cookies\david@e-2dj6wjkoskcpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjkowkcpabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjkyeoc5cdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjkyogdzofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjkysgdzaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjl4omczgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjmicgcpacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjmygmazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjmyujazefp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1gazkk.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1gc5wc.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1mdpkk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyclczigp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjnygkc5gao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyokdpglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyondzkhq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@marketwatch-cnet.com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@master.mx-targeting[2].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@northwestairlines.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@simplestar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@sonymediasoftware.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@stats.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@thunderbolt.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@web4.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@www.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkyagdziaow2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4gldpoaogqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4sgazaeqawdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4uldjicow6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjk4whd5alpgidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkowgcpmfowqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyejcpwhpw6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyooajadpq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjkyood5sfowqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4ujcpkgpqsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlisoc5mhqaidj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyajdjigpw2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlycpdjgloq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyqkdjccoawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyugcpobqqqdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmyenazedoaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnycmdzmcqa6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyegcpmfqq2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyeiczskoq6dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyondzkhqqqdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\David\Cookies\david@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@c.goclick[2].txt -> TrackingCookie.Goclick : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@h.starware[1].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@kmpads[2].txt -> TrackingCookie.Kmpads : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www.directnetadvertising[1].txt -> TrackingCookie.Directnetadvertising : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www2.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www3.click2begin[2].txt -> TrackingCookie.Click2begin : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@www6.click2begin[1].txt -> TrackingCookie.Click2begin : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\David.YODA\Cookies\david@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\David.YODA\full.exe -> Dropper.Agent.hl : Cleaned with backup
henkemeyer
2006-04-04, 06:56
C:\Documents and Settings\David.YODA\Local Settings\Temp\!update.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\f53666968.exe -> Downloader.Qoologic.bj : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\i52.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\loadadv640.exe -> Downloader.Harnig.bc : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\mmxp2passion.exe -> Downloader.VB.sh : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\q2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\q4.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\q6.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\temp.fr8CD0\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\un2F.tmp -> Adware.SurfSide : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\xxx1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temp\z2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\8R23SX6B\!update-3620[1].0000 -> Downloader.PurityScan.w : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\8R23SX6B\full[1].exe -> Dropper.Agent.hl : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\8R23SX6B\mousepad7[1].exe -> Downloader.VB.zw : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\8R23SX6B\WHCC2[1].exe/whAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\8R23SX6B\WinATS[1].cab/WinATS.dll -> Adware.Mirar : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\error[1].htm -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\keyboard7[1].exe -> Downloader.VB.zg : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\mm63[1].ocx -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\optimize[1].exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\rcverlib[1].exe -> Downloader.Qoologic.ax : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\SS1001[1].exe -> Dropper.Small.qn : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\AHKTEXGJ\ZICORN001[1].exe -> Adware.ZenoSearch : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\PQ7XT6GI\drsmartload46a[1].exe -> Downloader.Adload.ai : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\PQ7XT6GI\installerwnus[1].exe -> Downloader.Qoologic.at : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\PQ7XT6GI\newname7[1].exe -> Downloader.Adload.ae : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\PQ7XT6GI\whCC-GIANT[1].exe/WhAgent.exe -> Adware.WebHancer : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\QE5UDWF5\nem220[1].dll -> Downloader.Dyfuca : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\U1T3QF6T\Installer[1].exe -> Adware.Look2Me : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\U1T3QF6T\wallpap[1].exe -> Hijacker.Agent.gp : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\UOJWJ40J\eeedo[1].exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\UOJWJ40J\NNSCAA638[1].EXE -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\UOJWJ40J\visfx500[1].exe -> Dropper.Agent.aie : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\ac2[1].txt -> Downloader.Agent.ahv : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\ac2_0003[1].exe -> Downloader.Small.cpu : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\drsmartload[1].exe -> Downloader.VB.zg : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\krw1dn[1].exe -> Downloader.Agent.afi : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\MTE3NDI6ODoxNg[1].exe -> Downloader.Small.buy : Cleaned with backup
C:\Documents and Settings\David.YODA\Local Settings\Temporary Internet Files\Content.IE5\WZOTA7GZ\stub_113_4_0_4_0[1].exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\Documents and Settings\Gabe.YODA\Cookies\gabe@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@abetterinternet[2].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wfkikmdjoao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wfkismcpmbo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wfloaiazgfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wflyupdzmep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wfmiqmajmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjliejd5ifq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjlikndzmgo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjloqmdzgbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjlykmd5skq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjmygod5kkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjnyalczscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@e-2dj6wjnywjdzkdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@master.mx-targeting[2].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@questionmarket[2].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Karen\Cookies\karen@www.burstbeacon[2].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Karen\Local Settings\Temp\EmlQep.exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\newmajorse2[1].cab/newmajorse2.txt -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\4BSPEZOF\thnall2c[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\common[1].cab/common.dll -> Adware.WebSearch : Cleaned with backup
C:\Documents and Settings\Karen\Local Settings\Temporary Internet Files\Content.IE5\O9YJK1IJ\istsvc[1].exe -> Downloader.IstBar : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\LocalService.NT AUTHORITY\Cookies\system@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\krw1dn.exe -> Downloader.Agent.afi : Cleaned with backup
C:\NNSCAA638.EXE -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\DIGStream\digstream.exe -> Not-A-Virus.Downloader.Win32.DigStream.a : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\Buddy.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup
C:\WINDOWS\keyboard7.exe -> Downloader.VB.zg : Cleaned with backup
C:\WINDOWS\mousepad7.exe -> Downloader.VB.zw : Cleaned with backup
C:\WINDOWS\SS1001.exe -> Dropper.Small.qn : Cleaned with backup
C:\WINDOWS\SYSTEM32\70tovmto.ini -> Adware.Sahat : Cleaned with backup
C:\WINDOWS\SYSTEM32\bln02nqv.exe -> Adware.Sahat : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\blah[1].exe -> Backdoor.Subus.b : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\bot[1].exe -> Backdoor.Agobot : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\6JYLAZOX\bot[2].exe -> Backdoor.Agobot : Cleaned with backup
C:\WINDOWS\SYSTEM32\xpsns.exe -> Adware.Apropos : Cleaned with backup
C:\WINDOWS\ylfdyy.exe -> Downloader.IstBar.ij : Cleaned with backup
C:\WINXPPRO\CheckS02.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINXPPRO\country.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINXPPRO\kl1.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINXPPRO\ms061957-45768.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINXPPRO\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINXPPRO\optimize.exe -> Downloader.Dyfuca.ex : Cleaned with backup
C:\WINXPPRO\seli.exe/eee2.exe -> Adware.MediaMotor : Cleaned with backup
C:\WINXPPRO\sys037681957-45.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINXPPRO\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINXPPRO\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINXPPRO\system32\MTE2ODI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\WINXPPRO\system32\q.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\q3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\q5.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\qkdsregq.exe -> Adware.ZenoSearch : Cleaned with backup
C:\WINXPPRO\system32\w3343bdb.dll -> Downloader.Agent.ahv : Cleaned with backup
C:\WINXPPRO\system32\xxx2.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\z1.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\z3.exe -> Dropper.Agent.hl : Cleaned with backup
C:\WINXPPRO\system32\Μicrosoft\msconfig.exe -> Downloader.PurityScan.w : Cleaned with backup
C:\WINXPPRO\toolbar.exe -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINXPPRO\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINXPPRO\uniq -> Not-A-Virus.Exploit.HTML.Mht : Cleaned with backup
C:\WINXPPRO\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINXPPRO\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\ZICORN001.exe -> Adware.ZenoSearch : Cleaned with backup
::Report End
henkemeyer
2006-04-04, 06:57
HJT ouput:
Logfile of HijackThis v1.99.1
Scan saved at 9:50:46 PM, on 4/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINXPPRO\System32\smss.exe
C:\WINXPPRO\system32\winlogon.exe
C:\WINXPPRO\system32\services.exe
C:\WINXPPRO\system32\lsass.exe
C:\WINXPPRO\system32\svchost.exe
C:\WINXPPRO\System32\svchost.exe
C:\WINXPPRO\system32\spoolsv.exe
C:\WINXPPRO\System32\Ati2evxx.exe
C:\WINXPPRO\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINXPPRO\System32\svchost.exe
C:\WINXPPRO\System32\MsPMSPSv.exe
C:\WINXPPRO\Explorer.EXE
C:\WINXPPRO\system32\wscntfy.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
C:\WINXPPRO\system32\CTHELPER.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINXPPRO\system32\slk8x2peu.exe
C:\WINXPPRO\system32\e6tw76cpw.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BitTorrent\bittorrent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINXPPRO\system32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Documents and Settings\David.YODA\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINXPPRO\UpdReg.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1142062441124
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5FC94F-6E4B-4A8A-BD56-AA1BFC3C01B2}: NameServer = 192.168.1.1
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXPPRO\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXPPRO\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Thanks again!
David
hi
Download System Security Suite here: System Security Suite Download & Tutorial (http://www.igorshpak.net/). Unzip it to your desktop. Install the program. Don't use it
yet.
Reboot into SafeMode by tapping F8 key repeatedly at bootup:
Starting your computer in Safe mode (http://www.bleepingcomputer.com/forums/index.php?showtutorial=61#winxo)
Run HijackThis!, press Do A system Scan Only, and put a check mark next to all
these:
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
Close all other windows and browsers, and press the Fix Checked button.
enable showing of system and hidden files:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Search for these files and delete them if found:
C:\WINXPPRO\system32\OUGHYA~1.DLL<-- this file
C:\WINXPPRO\system32\wyn87em.dll<-- this file
C:\WINXPPRO\system32\slk8x2peu.exe<-- this file
With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab mark for cleaning:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.
Open Internet Explorer, and click on the Tools menu and then Internet Options. At the
General tab, which should be the first tab you are currently on, click on the Delete
Files button and put a checkmark in Delete offline content. Then press the OK button.
REBOOT normally. Run HijackThis! again and post a new log.
LonnyRJones
2006-04-10, 15:08
henkemeyer ?
As the log requested has not been provided, this topic will be archived.
If you need it re-opened please send me a pm and provide a link to the thread.