
Thread: "Command Service" removal attempt, my logit.txt and hijackthis output

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    "Command Service" removal attempt, my logit.txt and hijackthis output

    Spybot could not remove "Command Service", so I downloaded "ren-cmdservice" and ran it. Here are the contents of logit.txt, followed by my output of HijackThis:

    Running from C:\Documents and Settings\David.YODA\Desktop\ren-cmdservice
    -----------------
    Folder Present C:\WINXPPRO\RGF2aWQgSGVua2VtZXllcg
    -----------------

    Original perms.

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
    Read NT AUTHORITY\INTERACTIVE
    Full access BUILTIN\Administrators


    -----------------
    Adjusted permisions

    RegDACL 5.1 - Permissions Manager for Registry keys for Windows NT 4 and above
    Copyright (c) 1999-2001 Frank Heyne Software (http://www.heysoft.de)
    This program is Freeware, use it on your own risk!

    Effective permissions for Registry key HKLM\SYSTEM\CurrentControlSet\Services\cmdservice:
    Full access BUILTIN\Administrators
    Full access NT AUTHORITY\INTERACTIVE
    Read BUILTIN\Users
    Read BUILTIN\Power Users
    Full access NT AUTHORITY\SYSTEM


    -----------------
    Deleting cmdservie key
    [SWSC] DeleteService SUCCESS
    Delete Network Monitor if present
    [SWSC] DeleteService FAIL
    -----------------
    Commandline utilities (SWReg and SWSC)
    Written by Bobbi Flekman © 2005
    -----------------
    A Backup made was made, bakhive
    Finised, Post the logit.txt then restart your PC please
    ren-cmdservice.bat edited 2-4-2006
    -----------------


    Output of HijackThis:

    Logfile of HijackThis v1.99.1
    Scan saved at 10:29:59 PM, on 4/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINXPPRO\System32\smss.exe
    C:\WINXPPRO\system32\winlogon.exe
    C:\WINXPPRO\system32\services.exe
    C:\WINXPPRO\system32\lsass.exe
    C:\WINXPPRO\system32\svchost.exe
    C:\WINXPPRO\System32\svchost.exe
    C:\WINXPPRO\system32\spoolsv.exe
    C:\WINXPPRO\System32\Ati2evxx.exe
    C:\WINXPPRO\System32\CTsvcCDA.exe
    C:\WINXPPRO\System32\svchost.exe
    C:\WINXPPRO\System32\MsPMSPSv.exe
    C:\WINXPPRO\Explorer.EXE
    C:\WINXPPRO\system32\wscntfy.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINXPPRO\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINXPPRO\system32\slk8x2peu.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINXPPRO\system32\e6tw76cpw.exe
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\dvd2avi\DVD2AVI.exe
    C:\WINXPPRO\system32\cmd.exe
    C:\WINXPPRO\system32\cmd.exe
    C:\WINXPPRO\system32\NOTEPAD.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\WINZIP\winzip32.exe
    C:\Documents and Settings\David.YODA\Local Settings\Temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINXPPRO\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142062441124
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5FC94F-6E4B-4A8A-BD56-AA1BFC3C01B2}: NameServer = 192.168.1.1
    O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXPPRO\System32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXPPRO\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Thanks for all the great work you guys do!

  2. #2
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    hi
    Welcome,
    Please follow the instructions provided. You may want to print out these instructions and use them as a reference.

    Please download ewido anti malware; it is a free version of the program.
    1. Install ewido security suite
    2. When installing, under "Additional Options" uncheck..
      • Install background guard
      • Install scan via context menu
    3. Launch ewido, there should be an icon on your desktop, double-click it.
    4. The program will now open to the main screen.
    5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    6. You will need to update ewido to the latest definition files.
      • On the left hand side of the main screen click update.
      • Then click on Start Update.
    7. The update will start and a progress bar will show the updates being installed.
      (the status bar at the bottom will display "Update successful")
    If you are having problems with the updater, you can use this link to manually update ewido.
    ewido manual updates

    Once the updates are installed do the following:

    Reboot your computer in Safe Mode by doing the following:
    1. Restart your computer
    2. After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
    3. Instead of Windows loading as normal, a menu should appear
    4. Select the first option, to run Windows in Safe Mode.


    Then launch ewido:
    • Click on scanner
    • Click on Complete System Scan and the scan will begin.
    • You will be prompted to clean the first infection.
    • Select "Perform action on all infections", then proceed.
    • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
    • Click Save report.
    • Save the report .txt file to your desktop or a location where you can find it easily.

    Close ewido anti malware.

    Reboot back to normal mode, then post the ewido report and a log from a fresh HJT scan.

    NOTE: your HijackThis seems to be running from a temp directory.
    Before using it to fix anything, it must be unzipped to a permanent directory, such as your desktop.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak The Truth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!

  3. #3
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    My ewido report and HJT output (pt 1)

    Thanks again for your help. Here is the ewido report and output from HJT (I installed it onto my desktop as you advised):

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:43:06 PM, 4/3/2006
    + Report-Checksum: 3FBCA435

    + Scan result:

    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
    HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-1417001333-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-21-1417001333-287218729-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000010} -> Adware.Generic : Cleaned with backup
    HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
    C:\ac2_0003.exe -> Downloader.Small.cpu : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@ehg-verizoncommunications.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup
    C:\Documents and Settings\Administrator.YODA\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
    :mozilla.10:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.14:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.48:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
    :mozilla.49:C:\Documents and Settings\David\Application Data\Mozilla\Profiles\default\6f2uxw49.slt\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\Dummy.class-5db50b5e-6470bf47.class -> Trojan.ClassLoader.Dummy.d : Cleaned with backup
    C:\Documents and Settings\David\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\VerifierBug.class-28b7d374-36cdb914.class -> Not-A-Virus.Exploit.Java.Bytverify : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@1800search.com.19522.fb.dbbsrv[2].txt -> TrackingCookie.Dbbsrv : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@247realmedia[2].txt -> TrackingCookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkowodzclqq-1dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjkyuocpagqq-1dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1mczkcpq6dj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1pcpwkqawdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@a-1shz2prbmdj6wvny-1sez2pra2dj6wjny-1pczikpg2dj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@abetterinternet[1].txt -> TrackingCookie.Abetterinternet : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ad.adition[3].txt -> TrackingCookie.Adition : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ad1.clickhype[1].txt -> TrackingCookie.Clickhype : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@adrevolver[2].txt -> TrackingCookie.Adrevolver : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ads.addynamix[2].txt -> TrackingCookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@ads.realcastmedia[1].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@bilbo.counted[2].txt -> TrackingCookie.Counted : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@buycom.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@c.enhance[2].txt -> TrackingCookie.Enhance : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cbs.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cc.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cliks[2].txt -> TrackingCookie.Cliks : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cz4.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@data3.perf.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiaodpedo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiopazmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wfkiqidzohp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wfkocodpwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wfkyulc5ckq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wflikpczaeo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wgkikgdzedp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wgmyejdjigq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup

  4. #4
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    My ewido report and HJT output (pt 2)

    C:\Documents and Settings\David\Cookies\david@e-2dj6wjkoskcpscp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjkowkcpabo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjkyeoc5cdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjkyogdzofp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjkysgdzaco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjl4omczgbo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjmicgcpacq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjmygmazeho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjmyujazefp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1gazkk.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1gc5wc.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjny-1mdpkk.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyclczigp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjnygkc5gao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyokdpglp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@e-2dj6wjnyondzkhq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@entrepreneur.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@free.wegcash[1].txt -> TrackingCookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@marketwatch-cnet.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@master.mx-targeting[2].txt -> TrackingCookie.Mx-targeting : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@metacafe.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@nbcuniversal.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@northwestairlines.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@pro-market[1].txt -> TrackingCookie.Pro-market : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@rccl.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@server3.web-stat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@simplestar.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@sonycorporate.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@sonymediasoftware.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@spylog[2].txt -> TrackingCookie.Spylog : Cleaned with backup
    C:\Documents and Settings\David\Cookies\david@stat.onestat[1].txt -> TrackingCookie.Onestat : Cleaned with backup

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    Default My ewido report and HJT output (pt 3)


  6. #6
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    Default My ewido report and HJT output (pt 4)

    HJT output:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:50:46 PM, on 4/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINXPPRO\System32\smss.exe
    C:\WINXPPRO\system32\winlogon.exe
    C:\WINXPPRO\system32\services.exe
    C:\WINXPPRO\system32\lsass.exe
    C:\WINXPPRO\system32\svchost.exe
    C:\WINXPPRO\System32\svchost.exe
    C:\WINXPPRO\system32\spoolsv.exe
    C:\WINXPPRO\System32\Ati2evxx.exe
    C:\WINXPPRO\System32\CTsvcCDA.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINXPPRO\System32\svchost.exe
    C:\WINXPPRO\System32\MsPMSPSv.exe
    C:\WINXPPRO\Explorer.EXE
    C:\WINXPPRO\system32\wscntfy.exe
    C:\Program Files\Google\Gmail Notifier\gnotify.exe
    C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    C:\WINXPPRO\system32\CTHELPER.EXE
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
    C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINXPPRO\system32\slk8x2peu.exe
    C:\WINXPPRO\system32\e6tw76cpw.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\BitTorrent\bittorrent.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINXPPRO\system32\wuauclt.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
    C:\Documents and Settings\David.YODA\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
    O4 - HKLM\..\Run: [CTDVDDet] C:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINXPPRO\UpdReg.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINXPPRO\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - Startup: BitTorrent.lnk = C:\Program Files\BitTorrent\bittorrent.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1142062441124
    O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAV...oadManager.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9A5FC94F-6E4B-4A8A-BD56-AA1BFC3C01B2}: NameServer = 192.168.1.1
    O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINXPPRO\System32\Ati2evxx.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINXPPRO\System32\CTsvcCDA.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

    Thanks again!
    David

  7. #7
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    Hi

    Download System Security Suite here: System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.

    Reboot into Safe Mode by tapping the F8 key repeatedly at bootup:

    Starting your computer in Safe mode

    Run HijackThis!, press Do A system Scan Only, and put a check mark next to all these:
    O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
    O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
    O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
    O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)


    Close all other windows and browsers, and press the Fix Checked button.

    Enable showing of system and hidden files:

    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Click Yes to confirm.
    * Click OK.

    Search for these files and delete them if found:
    C:\WINXPPRO\system32\OUGHYA~1.DLL <-- this file
    C:\WINXPPRO\system32\wyn87em.dll <-- this file
    C:\WINXPPRO\system32\slk8x2peu.exe <-- this file


    With all windows and browsers closed, clean out temporary and Temporary Internet Files.
    A. Open System Security Suite.
    B. In the Items to Clear tab mark for cleaning:
    - Internet Explorer (left pane): Cookies & Temporary files
    - My Computer (right pane): Temporary files & Recycle Bin
    Press the Clear Selected Items button.
    Close the program.

    Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button.

    REBOOT normally. Run HijackThis! again and post a new log.
    Last edited by illukka; 2006-04-04 at 18:16.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak The Truth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
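
    The post above ends by asking for a new HijackThis log after the fix. As an added example (not part of the original thread, and not code from HijackThis or the forum), this script checks such a follow-up log for entries from the fix list that are still registered and for files marked for deletion that are still running. The function names are hypothetical and `NEW_LOG` is a constructed sample, not the poster's real follow-up log.

```python
import re

# Entries the helper asked to fix, copied from the post above.
FIX_LIST = r"""
O2 - BHO: Yvakt Class - {BA3DDC15-3EF1-4DC7-B9B6-ED0403F9422A} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINXPPRO\system32\dmonwv.dll (file missing)
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\OUGHYA~1.DLL
O20 - Winlogon Notify: CSCSettings - C:\WINXPPRO\system32\wyn87em.dll (file missing)
"""

# Files the helper asked to search for and delete, copied from the post above.
# OUGHYA~1.DLL is an 8.3 short name; a process list would only match it if the
# log shows the same short form.
FILES_TO_DELETE = [
    r"C:\WINXPPRO\system32\OUGHYA~1.DLL",
    r"C:\WINXPPRO\system32\wyn87em.dll",
    r"C:\WINXPPRO\system32\slk8x2peu.exe",
]

# CONSTRUCTED follow-up log for illustration: one Run entry and its process
# survived, and the text/html filter CLSID is still registered under another DLL.
NEW_LOG = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINXPPRO\System32\smss.exe
C:\WINXPPRO\Explorer.EXE
C:\WINXPPRO\system32\slk8x2peu.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [CQ4d6] "C:\WINXPPRO\system32\slk8x2peu.exe"
O18 - Filter: text/html - {D332110E-3EDB-417B-B8E2-297B61C074C6} - C:\WINXPPRO\system32\RENAMED.DLL
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")  # e.g. "O4 - HKLM\..\Run: ..."
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


def parse_log(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_procs = False  # the first coded entry ends the process list
            entries.append((match.group(1), match.group(2)))
        elif in_procs:
            processes.append(line)
    return processes, entries


def entry_key(code, body):
    """Identify an entry by section code plus CLSID when it has one, so a
    renamed file under the same CLSID still matches; otherwise by the
    whitespace-normalised, lower-cased body."""
    clsid = CLSID_RE.search(body)
    if clsid:
        return (code, clsid.group(0).upper())
    return (code, " ".join(body.split()).lower())


def leftovers(fix_text, new_log_text, files_to_delete):
    """Return fix-list entries still present and flagged files still running."""
    _, wanted = parse_log(fix_text)
    wanted_keys = {entry_key(code, body) for code, body in wanted}
    processes, entries = parse_log(new_log_text)
    targets = {path.lower() for path in files_to_delete}
    return {
        "entries": [f"{code} - {body}" for code, body in entries
                    if entry_key(code, body) in wanted_keys],
        "processes": [p for p in processes if p.lower() in targets],
    }


if __name__ == "__main__":
    report = leftovers(FIX_LIST, NEW_LOG, FILES_TO_DELETE)
    for kind, items in report.items():
        print(f"{kind}: {len(items)} remaining")
        for item in items:
            print("   ", item)
```

    An empty result for both keys means none of the listed entries or files show up in the new log; it says nothing about components that were never on the fix list.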

  8. #8
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    henkemeyer ?

  9. #9
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    As the log requested has not been provided, this topic will be archived.

    If you need it re-opened please send me a pm and provide a link to the thread.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
