Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: look2me/ guard.tmp/ command service etc

  1. 2006-12-01, 21:58 #21
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default nearly done...

    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc125.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc13.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc132.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc406.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc42.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc446.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc57.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc100.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc145.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc249.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc294.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc327.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc35.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc357.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc452.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc489.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc523.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc154.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc193.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc234.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc27.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc81.txt -> TrackingCookie.2o7 : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc64.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc381.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc76.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc58.txt -> TrackingCookie.Adbrite : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc68.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc190.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc473.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc60.txt -> TrackingCookie.Adrevolver : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc3.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc432.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc75.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc193.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc239.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc286.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc347.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc446.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc474.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc65.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc79.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc216.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc61.txt -> TrackingCookie.Adtech : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc182.txt -> TrackingCookie.Adtrak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc112.txt -> TrackingCookie.Adtrak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc220.txt -> TrackingCookie.Adtrak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc425.txt -> TrackingCookie.Adtrak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc199.txt -> TrackingCookie.Adtrak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc76.txt -> TrackingCookie.Advertising : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc194.txt -> TrackingCookie.Advertising : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc382.txt -> TrackingCookie.Advertising : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc80.txt -> TrackingCookie.Advertising : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc62.txt -> TrackingCookie.Advertising : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc85.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc195.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc383.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc82.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc63.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc9.txt -> TrackingCookie.Atdmt : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc5.txt -> TrackingCookie.Bluestreak : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc65.txt -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc517.txt -> TrackingCookie.Com : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc349.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc37.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc403.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc435.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc172.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc388.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc85.txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\WINDOWS\Temp\Cookies\stewart@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc99.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc200.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc448.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc86.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc16.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc185.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc70.txt -> TrackingCookie.Doubleclick : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc116.txt -> TrackingCookie.Epilot : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc223.txt -> TrackingCookie.Epilot : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc428.txt -> TrackingCookie.Epilot : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc65.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc215.txt -> TrackingCookie.Euroclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc82.txt -> TrackingCookie.Falkag : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc84.txt -> TrackingCookie.Falkag : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc104.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc121.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc202.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc205.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc394.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc403.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc89.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc96.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc71.txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\LocalService\Cookies\system@c.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc150.txt -> TrackingCookie.Liveperson : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc122.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc206.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc404.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc97.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc190.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc77.txt -> TrackingCookie.Mediaplex : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc127.txt -> TrackingCookie.Newyorkcasino : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc88.txt -> TrackingCookie.Newyorkcasino : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc135.txt -> TrackingCookie.Overture : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc95.txt -> TrackingCookie.Overture : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc410.txt -> TrackingCookie.Overture : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc83.txt -> TrackingCookie.Overture : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc77.txt -> TrackingCookie.Pointroll : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc139.txt -> TrackingCookie.Qksrv : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc140.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc15.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc407.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc448.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc103.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc209.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc252.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc295.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc359.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc493.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc55.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc238.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc216.txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc301.txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc35.txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc89.txt -> TrackingCookie.Reliablestats : Cleaned.
  2. 2006-12-01, 21:59 #22
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default ...

    C:\WINDOWS\system32\config\systemprofile\Cookies\system@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc145.txt -> TrackingCookie.Revenue : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc105.txt -> TrackingCookie.Revenue : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc414.txt -> TrackingCookie.Revenue : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc74.txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc89.txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc384.txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc83.txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc183.txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc151.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc17.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc409.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc451.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc6.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc215.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc298.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc362.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc417.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc478.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc497.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc10.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc34.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc109.txt -> TrackingCookie.Starware : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc169.txt -> TrackingCookie.Starware : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc158.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc80.txt -> TrackingCookie.Tacoda : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc159.txt -> TrackingCookie.Targetnet : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc108.txt -> TrackingCookie.Targetnet : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc217.txt -> TrackingCookie.Targetnet : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc421.txt -> TrackingCookie.Targetnet : Cleaned.
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc165.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc18.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc109.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc254.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc331.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc363.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc498.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc157.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc244.txt -> TrackingCookie.Tradedoubler : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc46.txt -> TrackingCookie.Trafficmp : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc167.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc453.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc219.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc332.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc455.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc53.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc245.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc90.txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc157.txt -> TrackingCookie.Webtrendslive : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc2.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc332.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc402.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc431.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc62.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc170.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc188.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc266.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc28.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc285.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc346.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc379.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc64.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc75.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc146.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc180.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc214.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc57.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc7.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\WINDOWS\system32\config\systemprofile\Cookies\system@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc23.txt -> TrackingCookie.Zedo : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1003\Dc334.txt -> TrackingCookie.Zedo : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-1006\Dc444.txt -> TrackingCookie.Zedo : Cleaned.
    C:\RECYCLER\S-1-5-21-73586283-789336058-839522115-500\Dc162.txt -> TrackingCookie.Zedo : Cleaned.
    C:\WINDOWS\system32\bmffupsx.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\dqpnbtgj.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\fplceqht.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\iywpmlpn.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\jxetbvbd.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\oilgnalr.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\okuqjfau.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\sudjankq.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\ukaaeffb.dll -> Trojan.BHO.g : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{210D51DF-0CC8-4629-AE7A-50A61C498B13}\RP40\A0035509.vbs -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\U3Rld2FydCBIb3Ju\oal5xZIVxF1KvaLR.vbs -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
  3. 2006-12-01, 22:00 #23
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default last one - the HJT log

    Logfile of HijackThis v1.99.1
    Scan saved at 19:36:54, on 01/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    D:\UPDATE_FILES\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {FDE1310D-204C-4EAB-9A25-95F40B71009D} - C:\WINDOWS\repair\natiibn.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O20 - Winlogon Notify: natiibn - C:\WINDOWS\repair\natiibn.dll
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
  4. 2006-12-02, 15:42 #24
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    hi


    Please download VundoFix.exe to your desktop
    • Double-click VundoFix.exe to run it.
    • Click the Scan for Vundo button.
    • Once it's done scanning, click the Remove Vundo button.
    • You will receive a prompt asking if you want to remove the files, click YES
    • Once you click yes, your desktop will go blank as it starts removing Vundo.
    • When completed, it will prompt that it will reboot your computer, click OK.
    • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
    Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  5. 2006-12-02, 23:46 #25
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default Thanks Illuka - didn't expect to hear from you over the weekend

    VundoFix V6.2.13

    Checking Java version...

    Sun Java not detected
    Scan started at 21:30:03 02/12/2006

    Listing files found while scanning....

    C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\byxwt.dll
    C:\WINDOWS\system32\cbaya.dll
    C:\WINDOWS\system32\dtfucdcf.dll
    C:\WINDOWS\system32\efcaw.dll
    C:\WINDOWS\system32\efcbx.dll
    C:\WINDOWS\system32\hxpdmoye.dll
    C:\WINDOWS\system32\kiwclxah.dll
    C:\WINDOWS\system32\mayufxod.dll
    C:\WINDOWS\system32\mepdkrmf.dll
    C:\WINDOWS\system32\mhdavqbe.dll
    C:\WINDOWS\system32\nbublfjr.dll
    C:\WINDOWS\system32\nnlkl.dll
    C:\WINDOWS\system32\opnmj.dll
    C:\WINDOWS\system32\opnnk.dll
    C:\WINDOWS\system32\pkvoftsl.dll
    C:\WINDOWS\system32\pmkki.dll
    C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\qopnn.dll
    C:\WINDOWS\system32\qoppp.dll
    C:\WINDOWS\system32\ssqqo.dll
    C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\uairdsbq.dll
    C:\WINDOWS\system32\ursrp.dll
    C:\WINDOWS\system32\wcudrcoj.dll
    C:\WINDOWS\system32\wvwuv.dll
    C:\WINDOWS\system32\xjwkvnug.dll
    C:\WINDOWS\system32\xxyab.dll
    C:\WINDOWS\system32\yabcy.dll
    C:\WINDOWS\system32\yabxv.dll
    C:\WINDOWS\repair\natiibn.dll
    C:\WINDOWS\repair\nbiitan.ini
    C:\WINDOWS\repair\nbiitan.bak1
    C:\WINDOWS\repair\nbiitan.bak2
    C:\WINDOWS\repair\nbiitan.ini2

    Beginning removal...

    Attempting to delete C:\WINDOWS\system32\awtqo.dll
    C:\WINDOWS\system32\awtqo.dll Has been deleted!




    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:44, on 02/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\UPDATE_FILES\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wahgliam.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {781E3C97-CD31-46C7-9AB4-76C860082482} - C:\WINDOWS\repair\natiibn.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe



    Attempting to delete C:\WINDOWS\system32\byxwt.dll
    C:\WINDOWS\system32\byxwt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\cbaya.dll
    C:\WINDOWS\system32\cbaya.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\dtfucdcf.dll
    C:\WINDOWS\system32\dtfucdcf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efcaw.dll
    C:\WINDOWS\system32\efcaw.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\efcbx.dll
    C:\WINDOWS\system32\efcbx.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\hxpdmoye.dll
    C:\WINDOWS\system32\hxpdmoye.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\kiwclxah.dll
    C:\WINDOWS\system32\kiwclxah.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mayufxod.dll
    C:\WINDOWS\system32\mayufxod.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mepdkrmf.dll
    C:\WINDOWS\system32\mepdkrmf.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\mhdavqbe.dll
    C:\WINDOWS\system32\mhdavqbe.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nbublfjr.dll
    C:\WINDOWS\system32\nbublfjr.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\nnlkl.dll
    C:\WINDOWS\system32\nnlkl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnmj.dll
    C:\WINDOWS\system32\opnmj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\opnnk.dll
    C:\WINDOWS\system32\opnnk.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pkvoftsl.dll
    C:\WINDOWS\system32\pkvoftsl.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmkki.dll
    C:\WINDOWS\system32\pmkki.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\pmnll.dll
    C:\WINDOWS\system32\pmnll.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qopnn.dll
    C:\WINDOWS\system32\qopnn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\qoppp.dll
    C:\WINDOWS\system32\qoppp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssqqo.dll
    C:\WINDOWS\system32\ssqqo.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ssttt.dll
    C:\WINDOWS\system32\ssttt.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\uairdsbq.dll
    C:\WINDOWS\system32\uairdsbq.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\ursrp.dll
    C:\WINDOWS\system32\ursrp.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wcudrcoj.dll
    C:\WINDOWS\system32\wcudrcoj.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\wvwuv.dll
    C:\WINDOWS\system32\wvwuv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xjwkvnug.dll
    C:\WINDOWS\system32\xjwkvnug.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\xxyab.dll
    C:\WINDOWS\system32\xxyab.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yabcy.dll
    C:\WINDOWS\system32\yabcy.dll Has been deleted!

    Attempting to delete C:\WINDOWS\system32\yabxv.dll
    C:\WINDOWS\system32\yabxv.dll Has been deleted!

    Attempting to delete C:\WINDOWS\repair\natiibn.dll
    C:\WINDOWS\repair\natiibn.dll Has been deleted!

    Attempting to delete C:\WINDOWS\repair\nbiitan.ini
    C:\WINDOWS\repair\nbiitan.ini Has been deleted!

    Attempting to delete C:\WINDOWS\repair\nbiitan.bak1
    C:\WINDOWS\repair\nbiitan.bak1 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\nbiitan.bak2
    C:\WINDOWS\repair\nbiitan.bak2 Has been deleted!

    Attempting to delete C:\WINDOWS\repair\nbiitan.ini2
    C:\WINDOWS\repair\nbiitan.ini2 Has been deleted!

    Performing Repairs to the registry.
    Done!



    Logfile of HijackThis v1.99.1
    Scan saved at 21:40:44, on 02/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    D:\UPDATE_FILES\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wahgliam.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {781E3C97-CD31-46C7-9AB4-76C860082482} - C:\WINDOWS\repair\natiibn.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
  6. 2006-12-03, 21:44 #26
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    care to post a fresh hiajckthis log, the avg antispyware scan showed some very alarming results
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  7. 2006-12-04, 01:18 #27
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default uh-oh

    If it's any help, when I open task manager there's always a "system idle process" which can use up to 90% of my processor. My pc has been a bit slower in the last couple of days. Is this to do with the AVG program?

    S


    Logfile of HijackThis v1.99.1
    Scan saved at 23:13:26, on 03/12/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Panda Software\Panda Antivirus Platinum\AVENGINE.EXE
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MSN\MSNCoreFiles\MSN6.EXE
    C:\PROGRA~1\MSNMES~1\msnmsgr.exe
    C:\WINDOWS\System32\svchost.exe
    D:\UPDATE_FILES\scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.co.uk/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\wahgliam.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {781E3C97-CD31-46C7-9AB4-76C860082482} - C:\WINDOWS\repair\natiibn.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [Disc Detector] C:\Program Files\Creative\ShareDLL\CtNotify.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {AF2E62B6-F9E1-4D4F-A10A-9DC8E6DCBCC0} (VideoEgg ActiveX Loader) - http://update.videoegg.com/Install/W...gPublisher.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Panda Firewall Service (PAVFIRES) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\Firewall\PavFires.exe
    O23 - Service: Panda anti-virus service (PAVSRV) - Panda Software - C:\Program Files\Panda Software\Panda Antivirus Platinum\pavsrv51.exe
  8. 2006-12-04, 17:33 #28
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    My pc has been a bit slower in the last couple of days. Is this to do with the AVG program?
    its because of the absolute s**tload of viruses and malware on your computer.
    you seem to have a downloader agent awf infection. it causes irrepairable damage to your system. you may have to reinstall all of your programs, because it replaces those legit executables with copies of itself..

    ok that alone would possibly be repairable, but the ewido scan revealed something more:
    C:\Documents and Settings\Teresa\Local Settings\Temp\lbdihocx.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\Documents and Settings\Teresa\Local Settings\Temp\mfuvesqs.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    C:\Documents and Settings\Teresa\Local Settings\Temp\nbfjvpmi.dll -> Logger.VBStat.e : Cleaned with backup (quarantined).
    etc
    that looks like its a keystroke logger, so i am strongly recommending you to do a complete format and reinstall of the system. another reason to do it is that you are severely behind on windows updates, your system is vulnerable to reinfection all the time..

    a keystroke logger is a (malicious ) program that records everything typed on the machine. everything. this includes online passwords, such as bank logins, credit card numbers etc. this computer cannot be trusted anymore!



    i recommend these actions:
    1) Use a known secure computer to change all of your online passwords
    2) Contact your bank and credit card company for possible unauthorised transactions

    more info can be found here:



    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    some further reading:

    Security Management - May 2004
    Help: I Got Hacked. Now What Do I Do?
    http://www.microsoft.com/technet/community...gmt/sm0504.mspx

    Security Management - July 2004
    Help: I Got Hacked. Now What Do I Do? Part II
    http://www.microsoft.com/technet/community...gmt/sm0704.mspx

    and finally some more considerations:

    When should I re-format? How should I reinstall?
    http://www.dslreports.com/faq/10063

    if you choose to format and reinstall see this link for instructions:
    http://www.cyberwalker.net/faqs/how-...stall-faq.html
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
  9. 2006-12-05, 01:40 #29
    glasgowguitarguru
    glasgowguitarguru is offline
    Junior Member
    Join Date
    Nov 2006
    Posts
    24

    Default last wee bit of help please

    Oh well, thanks. I appreciate all your efforts. I have done a reformat and reinstall before, but I still have the problem of having loads of documents - music and photos mainly - that I want to keep. Why can't I use an external hard drive to copy them all onto? Also, if I format the C drive and reinstall, will my D drive with all the data still be intact or is there a chance I'll lose everything?

    When I turn on the external drive it comes up as an F drive on my computer but when I try to use it I get a message saying "F:\ is not accessible. The request could not be performed because of an I/O device error." It's plugged into a USB 2 port which works on my ipod. Is there something I can do rather than spend a whole day burning CDs?

    thanks

    S
  10. 2006-12-06, 21:55 #30
    illukka
    illukka is offline
    Expert-Emeritus illukka's Avatar
    Join Date
    Nov 2005
    Location
    The Pits Of Hell
    Posts
    1,289

    Default

    broken cable ? try another port, or is there only on usb port ?
    usb ports alone do not feed enough power to most harddisks, so the external power supply of the drive must be used
    if you format your system drive, other drives will be left alone
    I Am A Proud Member of ASAP Since 2004

    To Ride, Shoot Straight And Speak TheTruth

    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules