100% CPU - Hijack logs (RESOLVED)

  1. #1
    CharlieB (Newbie)

    All looks ok here, what do others think?

    Logfile of HijackThis v1.99.1
    Scan saved at 15:57:09, on 25/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/c...o/bt_side.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://bt.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/c...rch.yahoo.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [Microsoft (R) User Authorization Service] C:\WINDOWS\system32\wuass32.exe
    O4 - HKLM\..\Run: [meshal] C:\WINDOWS\System32\SaNota\SaBeR.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [CARPService] carpserv.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [TV Now] C:\Program Files\HPQ\Notebook Utilities\TvNow.exe /RK
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0\bin\npjpi140_01.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.0\bin\npjpi140_01.dll (file missing)
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{771C6EFD-1531-41FB-A0BD-D2628265F5A7}: NameServer = 195.129.12.115,158.43.128.72
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)
    O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: Windows User Authorization Service (UserAuthSvc) - Unknown owner - C:\WINDOWS\system32\wuass32.exe (file missing)
    O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE


  2. #2
    VopThis, Senior Member (Canada)
    NameServer = 195.129.12.115,158.43.128.72
    Please verify the legitimacy of the above Nameserver lookup sources with your ISP. You currently have potentially ROGUE sources originating from Sweden and the Netherlands.



    Please copy the following line for assessment submission to the site below. Paste into the 'Select File' box:
    C:\WINDOWS\System32\RpcSs.exe

    http://www.virustotal.com/flash/index_en.html


    Let us know what the results were for the file(s).

  3. #3
    CharlieB (Newbie)
    Quote Originally Posted by VopThis
    Please verify the legitimacy of the above Nameserver lookup sources with your ISP. You currently have potentially ROGUE sources originating from Sweden and the Netherlands.



    Please copy the following line for assessment submission to the site below. Paste into the 'Select File' box:
    C:\WINDOWS\System32\RpcSs.exe

    http://www.virustotal.com/flash/index_en.html


    Let us know what the results were for the file(s).

    195.129.12.115,158.43.128.72 are the resolvers belonging to my place of work - Verizon

    rpcss.exe has already been deleted by me, yesterday.

  4. #4
    VopThis, Senior Member (Canada)
    Read over the following directions. Ask if anything appears unclear to you.


    Download Clean.bat to your desktop: for later use to clean out your TEMPORARY and PREFETCH files.
    http://www.thatcomputerguy.us/downloads/clean.bat



    We will be restarting into Safe Mode later on in the fix and you might not be able to access the Internet. Accordingly, it is probably a good idea to print out the following directions or copy them to a text file on your desktop using NOTEPAD. Read these instructions carefully and feel free to ask if you're unsure about anything.

    SELECT HijackThis FIX ITEMS: Scan with HijackThis and place a check next to these items:

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://uk.red.clientapps.yahoo.com/...fo/bt_side.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.red.clientapps.yahoo.com/...arch.yahoo.com/

    O4 - HKLM\..\Run: [MICROSOFT (R) USER AUTHORIZATION SERVICE] C:\WINDOWS\system32\wuass32.exe

    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)

    Make sure that all browser windows and internet links are closed, even this one!
    CLICK ’FIX CHECKED’ with HijackThis.



    HIDDEN FILES: To make sure you can see all hidden files, please follow the directions here

    SAFEMODE: Boot into safe mode by tapping the F8 key at restart and choosing 'safe mode' menu option (explained here if needed).



    Delete TEMPORARY FILES: Now, hunt down the most common temporary file locations and the temporary file clutter contained therein (and of possible malware hiding places):

    Go to Start > Run and type: CLEANMGR.EXE and hit enter.
    When prompted select the C: drive and click ok.
    Check the boxes for:
    • Temporary Internet Files
    • Downloaded Program Files
    • Recycle Bin
    • Temporary Files
    Click OK or Enter

    For additional, more thorough cleaning and for multi-profile user configurations:
    (*) Run Clean.bat to clean up your TEMPorary files.

    ***** Clean out the Recycle Bin for items removed below, ONLY once you have regained the full functional use of your PC.




    Navigate to these files or folders using Windows Explorer (OR Start -> Search) and delete (if present):


    DELETE FILES:

    C:\WINDOWS\system32\wuass32.exe




    POST A REVISED HIJACKTHIS LOG for review:
    Reboot and post a new HijackThis log with any feedback as appropriate - how things are now behaving: any new or remaining apparent issues.




    If you are still having issues, please run the following scans:



    Please download, install, update and scan your system with the free (trial) version of Ewido trojan scanner:
    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
    3. From the main ewido screen, click on update in the left menu, then click the Start update button.
    4. After the update finishes (the status bar at the bottom will display "Update successful"), click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
    5. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
    6. When the scan finishes, click on "Save Report". This will create a text file. Please then paste the contents of the text file to this thread.


    REBOOT.





    Please do an online scan (scan only tool) with Kaspersky WebScanner

    Click on Kaspersky Online Scanner

    You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
    • The program will launch and then begin downloading the latest definition files:
    • Once the files have been downloaded click on NEXT
    • Now click on Scan Settings
    • In the scan settings make sure that the following are selected:
      • Scan using the following Anti-Virus database:
        - Extended (if available otherwise Standard)
      • Scan Options:
        - Scan Archives
        - Scan Mail Bases
    • Click OK
    • Now under select a target to scan:
      • Select My Computer
    • This program will start and scan your system.
    • The scan will take a while so be patient and let it run.
    • Once the scan is complete it will display if your system has been infected.
      • Now click on the Save as Text button:
    • Save the file to your desktop.
    • Copy and paste that information in your next post.
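
Added example (not part of the original thread, and not HijackThis's own code): a small Python triage pass over a few lines copied from the log in post #1. It applies only the checks the replies above rely on: O23 services reported as "Unknown owner" with "(file missing)", O4 Run values that launch the same binary, and O17 NameServer values to confirm. The names `triage`, `exe_path`, `parse_service` and `Finding` are assumptions made for this illustration.

```python
import re
from typing import List, NamedTuple, Optional, Tuple

# Excerpt of the HijackThis log posted in #1 (lines copied from the page).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Microsoft (R) User Authorization Service] C:\WINDOWS\system32\wuass32.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O17 - HKLM\System\CCS\Services\Tcpip\..\{771C6EFD-1531-41FB-A0BD-D2628265F5A7}: NameServer = 195.129.12.115,158.43.128.72
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)
O23 - Service: Windows User Authorization Service (UserAuthSvc) - Unknown owner - C:\WINDOWS\system32\wuass32.exe (file missing)
"""

ENTRY = re.compile(r"^\s*(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)\s*$")
RUN_VALUE = re.compile(r"^(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
MISSING = " (file missing)"


class Finding(NamedTuple):
    code: str    # HijackThis section, e.g. "O23"
    reason: str  # why the line deserves a second look
    detail: str  # binary path or resolver address


def exe_path(cmd: str) -> str:
    """Return the executable part of a command line, lower-cased for comparison."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        path = cmd[1:end] if end != -1 else cmd[1:]
    else:
        # Unquoted paths may contain spaces; cut after the first executable suffix.
        m = re.match(r"(.+?\.(?:exe|dll|com|bat))(?:\s|$)", cmd, re.I)
        path = m.group(1) if m else cmd.split()[0]
    return path.lower()


def parse_service(body: str) -> Optional[Tuple[str, str, str, bool]]:
    """Split 'Service: <display> - <owner> - <path>[ (file missing)]'."""
    missing = body.endswith(MISSING)
    if missing:
        body = body[: -len(MISSING)]
    # Split from the right: the display name itself may contain ' - '.
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    return display, owner, exe_path(path), missing


def triage(log_text: str) -> List[Finding]:
    entries = [m.groupdict() for line in log_text.splitlines()
               if (m := ENTRY.match(line))]
    findings: List[Finding] = []
    orphaned = {}  # binary path -> service display name

    # Pass 1: resolvers to confirm, and services whose binary is gone.
    for e in entries:
        body = e["body"]
        if e["code"] == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            for ip in re.split(r"[,\s]+", servers.strip()):
                findings.append(Finding("O17", "confirm resolver with ISP or network admin", ip))
        elif e["code"] == "O23" and body.startswith("Service: "):
            svc = parse_service(body)
            if svc and svc[1] == "Unknown owner" and svc[3]:
                orphaned[svc[2]] = svc[0]
                findings.append(Finding("O23", "unknown-owner service, binary missing", svc[2]))

    # Pass 2: Run values that start a binary already flagged in pass 1.
    for e in entries:
        if e["code"] == "O4" and (m := RUN_VALUE.match(e["body"])):
            path = exe_path(m["cmd"])
            if path in orphaned:
                findings.append(Finding("O4", f"Run value [{m['name']}] starts flagged service binary", path))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {f.reason}: {f.detail}")
```

Each finding is a lead to follow up, as post #2 does by asking for a file scan and an ISP check, not a verdict on the entry.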

  5. #5
    CharlieB (Newbie)
    Malware scan

    :mozilla.47:C:\Documents and Settings\Lee\Application Data\Mozilla\Profiles\default\yoqiunxd.slt\cookies .txt -> TrackingCookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@advertising[1].txt -> TrackingCookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@adviva[2].txt -> TrackingCookie.Adviva : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@bidtool.overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@content.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@doubleclick[2].txt -> TrackingCookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@downloads-zdnet.com[1].txt -> TrackingCookie.Com : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wfk4aoczkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wflogjcpsbp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wgmyciajkep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wjkyupdpkao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wjmygicpilo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@e-2dj6wjmyqpdjgap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@valueclick[1].txt -> TrackingCookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@web-stat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Lee\Cookies\lee@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Lee\Local Settings\Temp\Cookies\lee@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Lee\Local Settings\Temp\Cookies\lee@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Lee\Local Settings\Temp\Cookies\lee@content.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup


    ::Report End

  6. #6
    CharlieB is offline Newbie
    hijack this

    Logfile of HijackThis v1.99.1
    Scan saved at 23:47:35, on 26/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\Ati2evxx.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\WINDOWS\system32\HPConfig.exe
    C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\UAService7.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe
    C:\Program Files\RALINK\Common\RaUI.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\HijackThis\HijackThis.exe

    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [QT4HPOT] C:\Program Files\HPQ\One-Touch\OneTouch.EXE
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
    O4 - HKLM\..\Run: [Display Settings] C:\Program Files\HPQ\Notebook Utilities\hptasks.exe /s
    O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
    O4 - HKLM\..\Run: [JeticoPFStartup] "C:\Program Files\Jetico\Jetico Personal Firewall\fwsrv.exe"
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
    O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\WINDOWS\System32\shdocvw.dll
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/acti..._v1-0-3-30.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/...sh/swflash.cab
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: HP Configuration Interface Service (HPConfig) - Hewlett-Packard - C:\WINDOWS\system32\HPConfig.exe
    O23 - Service: HPWirelessMgr - Hewlett-Packard Co. - C:\Program Files\HPQ\Notebook Utilities\HPWirelessMgr.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: Remote Procedure Call (RPC) Service (RpcSssvc) - Unknown owner - C:\WINDOWS\System32\RpcSs.exe (file missing)
    O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\System32\UAService7.exe
    O23 - Service: Windows User Authorization Service (UserAuthSvc) - Unknown owner - C:\WINDOWS\system32\wuass32.exe (file missing)

  7. #7
    CharlieB is offline Newbie
    Kaspersky.


    Scan Statistics:
    Total number of scanned objects: 32076
    Number of viruses found: 4
    Number of infected objects: 6
    Number of suspicious objects: 0
    Duration of the scan process: 00:28:07

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\Lee\Local Settings\Temp\Temporary Internet Files\Content.IE5\CXMJ0PQN\ysb_prompt[1].htm Infected: Exploit.HTML.CodeBaseExec skipped
    C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\AL5B00OM\wbkE4.tmp Infected: Trojan-Spy.HTML.Bayfraud.fz skipped
    C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5\GH0J2L45\wbkE0.tmp Infected: Trojan-Spy.HTML.Bayfraud.fz skipped
    C:\WINDOWS\system32\1570.tmp Infected: Trojan-Proxy.Win32.Ranky.es skipped
    C:\WINDOWS\system32\B9.tmp Infected: Trojan-Proxy.Win32.Ranky.es skipped
    C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped

    Scan process completed.

  8. #8
    VopThis is offline Senior Member (Canada)
    Go into SAFE MODE and Delete the following:


    FOLDERS:
    C:\Documents and Settings\Lee\Local Settings\Temp\Temporary Internet Files\Content.IE5
    C:\Documents and Settings\Lee\Local Settings\Temporary Internet Files\Content.IE5




    FILES:
    C:\WINDOWS\system32\1570.tmp
    C:\WINDOWS\system32\B9.tmp
    C:\WINDOWS\system32\i




    REBOOT and verify that Kaspersky now runs clean.



    Tell us how your PC is now doing.

  9. #9
    CharlieB is offline Newbie
    I will certainly do so today at some point although can you confirm why they need to be deleted in Safe mode? Just curious.

    Also, because of the 100% CPU I have been unable to shut down my PC as per normal as it just hangs at 'closing down Windows' - At this point I have to hold down the power key.

  10. #10
    VopThis is offline Senior Member (Canada)
    can you confirm why they need to be deleted in Safe mode?
    It may be quite possible to delete in NORMAL MODE. Feel free to try.

    However, it is customary to do so in SAFE MODE, because so much less is loaded and running in this mode (minimal drivers, etc.) that the chance of interference or resistance from normal, fully operational running processes is greatly reduced.
