Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Hijack This- Log File Help Plz :-)


  • This topic is locked This topic is locked
10 replies to this topic

#1 Vvardenfell

Vvardenfell

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 26 January 2006 - 09:16 PM

Hello, I've been having trouble with my computer for quite some time, and decided to try out hijack this.

I have a problem where anytime I access the internet, such as through internet explorer or even world of warcraft, I have lots of popups that appear. These aren't the usual ones I've always seen, but rather the same ads over and over, and my popupstopper isn't even recognizing them. Norton hasn't found anything on my computer, and ad-aware SE hasn't fixed the problem either.

Any help would be greatly appreciated!!!!

Matt


Logfile of HijackThis v1.99.1
Scan saved at 9:11:13 PM, on 1/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Doe\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [43oU3FP] msfltrep.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O4 - Startup: PowerReg Scheduler V3.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...365/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

BC AdBot (Login to Remove)

 


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 28 January 2006 - 01:07 PM

Hello,

I actually can't see any malware actively running though, mainly leftovers in your log.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: (no name) - SOFTWARE - (no file)
O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe
O4 - HKLM\..\Run: [ToPicks Starter] C:\Program Files\ToPicks\Bin\Idhost.exe
O4 - HKLM\..\Run: [43oU3FP] msfltrep.exe
O4 - Startup: PowerReg Scheduler V3.exe
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINDOWS\System32\ms.exe (file missing)


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

REBOOT

Delete next files if still present:

C:\WINDOWS\System32\dp-him.exe
C:\Program Files\ToPicks <== folder
C:\WINDOWS\System32\ms.exe

* Perform an onlinescan with panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report together with a new hijackthislog.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 Vvardenfell

Vvardenfell
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 28 January 2006 - 09:01 PM

I did as you suggested and found ~100 viruses. Here are the logs from panda and hijackthis!

Any suggestions on how to get rid of them?

Thanks much,

Matt


Incident Status Location

Adware:Adware Program Not disinfected C:\WINDOWS\Downloaded Program Files\WildApp.inf
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32m.sys
Adware:adware/sidesearch Not disinfected C:\WINDOWS\sepsd.bin
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@888[3].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@winfixer[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@trafficmp[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@desktop.kazaa[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@adopt.hbmediapro[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ask[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@xiti[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@2o7[1].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@banner[3].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@gostats[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@banner[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@dist.belnk[2].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@z1.adserver[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@c.enhance[3].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@cassava[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ccbill[2].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@rn11[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@belnk[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@dist.belnk[4].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@rightmedia[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[7].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@64.62.232[5].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@adopt.hbmediapro[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@burstnet[3].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ask[3].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ccbill[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@pop.mircx[2].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@desktop.kazaa[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[3].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@xiti[2].txt
Spyware:Cookie/Banner Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@banner[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@burstnet[4].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@dist.belnk[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ad.yieldmanager[4].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@www.myaffiliateprogram[1].txt
Spyware:Cookie/Paypopup Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@paypopup[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@go[2].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@stats1.reliablestats[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@i.screensavers[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[8].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@gostats[1].txt
Spyware:Cookie/Mircx Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@pop.mircx[3].txt
Spyware:Cookie/WebPower Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@webpower[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@112.2o7[1].txt
Spyware:Cookie/Abetterinternet Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@abetterinternet[1].txt
Spyware:Cookie/Gorillanation Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ads.gorillanation[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[6].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@go[1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@smni[2].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@fe.lea.lycos[2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[4].txt
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@c2.gostats[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ccbill[3].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@desktop.kazaa[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ask[4].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@did-it[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@rightmedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@com[1].txt
Spyware:Cookie/adultfriendfinder Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@adultfriendfinder[2].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@xmts[1].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@gammae[3].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ad.yieldmanager[2].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@yadro[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@azjmp[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@www.burstbeacon[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@888[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ccbill[4].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@desktop.kazaa[4].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@kinghost[1].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@go[3].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@www.burstbeacon[2].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ct.360i[1].txt
Spyware:Cookie/Rightmedia Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@rightmedia[3].txt
Spyware:Cookie/fe.lea.lycos Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@fe.lea.lycos[3].txt
Spyware:Cookie/go Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@go[5].txt
Spyware:Cookie/Kount Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@kount[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@xmts[2].txt
Spyware:Cookie/Ask Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ask[1].txt
Spyware:Cookie/DelfinMedia Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@delfinproject[1].txt
Spyware:Cookie/Aftonbladet Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@aftonbladet[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@yadro[1].txt
Spyware:Cookie/MediaTickets Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@kinghost[2].txt
Spyware:Cookie/Powerscan Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@gammae[2].txt
Spyware:Cookie/Tickle Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@web.tickle[1].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ccbill[5].txt
Spyware:Cookie/64.62.232 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@64.62.232[1].txt
Spyware:Cookie/421 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@421[1].txt
Spyware:Cookie/Kazaa Networks Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@desktop.kazaa[6].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@888[1].txt
Spyware:Cookie/Enhance Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@c.enhance[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@www.burstbeacon[3].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@burstnet[2].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@did-it[2].txt
Adware:Adware/DelFinMedia Not disinfected C:\Program Files\Common Files\remove_tools.html
Adware:Adware/BrilliantDigital Not disinfected C:\Program Files\Kazaa\bdcore.dll.updpnd
Adware:adware/delfinmedia Not disinfected C:\keys.ini



hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 8:55:46 PM, on 1/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\John Doe\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...365/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 29 January 2006 - 04:05 AM

Hello,

You are mainly dealing with cookies.
We'll deal with them afterwards. First delete next files:

C:\WINDOWS\smdat32m.sys
C:\WINDOWS\sepsd.bin
C:\Program Files\Common Files\remove_tools.html
C:\Program Files\Kazaa\bdcore.dll.updpnd
C:\keys.ini

Go to start > run and type: regsvr32 /u occache.dll
(or copy and paste this in the field in start > run )
Click Ok

Now search and delete:

C:\WINDOWS\Downloaded Program Files\WildApp.inf

Go to start > run and type regsvr32 occache.dll
Click OK

Please download ATF Cleaner by Atribune.Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

I see Kazaa installed, Kazaa bundles spyware, that's why I recommend you uninstall it and choose a better alternative as described here:
http://www.spywareinfo.com/articles/p2p/

There you can find what p2p programs that are infected and are safe.

Let me know in your next reply if you are still getting popups.

Edited by miekiemoes, 29 January 2006 - 04:06 AM.

AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 Vvardenfell

Vvardenfell
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 30 January 2006 - 06:18 PM

Hello again, so I did as you asked, and the pop-ups are still present.

One thing I was unable to do was to delete the file C:\keys.ini as when I opened up the C drive, the file wasn't there. I scanned again using panda and hijack this and will post them below....

Thanks again,

Matt


Incident Status Location

Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@zedo[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@tribalfusion[1].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@888[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@cassava[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@adopt.hbmediapro[2].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@www.burstbeacon[1].txt
Spyware:Cookie/HotLog Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@hotlog[1].txt
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@spylog[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ad.yieldmanager[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@888[3].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@trafficmp[1].txt
Spyware:Cookie/2o7.net Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@2o7[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@questionmarket[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\John Doe\Cookies\john doe@ads.pointroll[2].txt
Adware:adware/delfinmedia Not disinfected C:\keys.ini





Hijackthis

Logfile of HijackThis v1.99.1
Scan saved at 6:07:11 PM, on 1/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\WINDOWS\System32\LXSUPMON.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\John Doe\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.rr.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Roadrunner
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~2\PSFREE.EXE"
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.rr.com
O16 - DPF: Yahoo! Checkers - http://download.games.yahoo.com/games/clients/y/kt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {E504EE6E-47C6-11D5-B8AB-00D0B78F3D48} (Yahoo! Webcam Viewer Wrapper) - http://chat.yahoo.com/cab/yvwrctl.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/...365/mcfscan.cab
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 30 January 2006 - 06:40 PM

Ok...

First delete next files:

C:\WINDOWS\smdat32a.sys
C:\keys.ini

Let's look if something is hidden here, so perform next:

Download and Save blacklight to your desktop.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Double-click blbeta.exe then accept the agreement.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first.
There must be also a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)
Post the contents of the log in your next reply.

If the log is too long, just post a big part of the top of the log and a big part of the end of the log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#7 Vvardenfell

Vvardenfell
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 31 January 2006 - 08:54 AM

Hello again,

The C:\keys.ini file is still not visible in my c drive.

I did the scan as recommended and will post below.

01/31/06 08:48:08 [Info]: BlackLight Engine 1.0.30 initialized
01/31/06 08:48:08 [Info]: OS: 5.1 build 2600 (Service Pack 2)
01/31/06 08:48:08 [Note]: 7019 4
01/31/06 08:48:08 [Note]: 7005 0
01/31/06 08:48:10 [Note]: 7006 0
01/31/06 08:48:10 [Note]: 7011 1452
01/31/06 08:48:11 [Note]: 7018 1776
01/31/06 08:48:11 [Info]: Hidden process: C:\PROGRAM FILES\YAHAWS\MYDCFGNT.EXE
01/31/06 08:48:11 [Note]: 7018 1784
01/31/06 08:48:11 [Info]: Hidden process: C:\WINDOWS\SYSTEM32\SISSISIP.EXE
01/31/06 08:48:11 [Note]: FSRAW library version 1.7.1014
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\WinGenerics.dll
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\ACE.DLL
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\DATA.BIN
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\COMVFP6R.EXE
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\PROGRAM FILES\YAHAWS\MYDCFGNT.EXE
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\DNS
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000072ae_43d6c6db_00016e36
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\INDEX
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006952_43d6c6dd_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f90_43d6c6ed_00081b32
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006784_43878a1c_00022551
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001649_43d6c6ef_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006df1_43d6c6fc_0000f424
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005af1_43d6c6fc_0007a120
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000041bb_43d6c701_000a7d8c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026e9_43d6c702_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000001eb_43d6c729_0005b8d8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000bb3_43d6c729_000c28cb
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002ea6_43d6c730_000f0537
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000012db_43d6c731_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000153c_43d6c739_000b71b0
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007e87_43d6c73a_0005f5e1
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000390c_43d6c744_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000f3e_43d6c745_0008583b
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000099_43d6c74e_00039387
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000124_43d6c74e_000e1113
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000305e_43d6c756_00081b32
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000440d_43d6c757_00076417
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000035_43dd5247_00000000
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000007cf_43dd5258_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43da8d79_00081b32
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43da8d7a_0001e848
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000018be_43da8d7a_00057bcf
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006784_43da8d93_0001e848
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000491c_43d6c75e_000e8b25
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004d06_43d6c75f_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004db7_43d6c776_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001547_43d6c777_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054de_43d6c77d_00089544
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43dcdeb2_00016e36
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004ae1_43da8d9c_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000039b3_43d6c77e_00022551
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43d6c785_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054de_43bb0cab_00003d09
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43d6c786_00076417
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43d6c792_00076417
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000039b3_43bb0cab_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000018be_43dcdeb2_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43d6c793_0007270e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066bb_43d6c79e_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000428b_43d6c79f_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43cd781a_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005af1_43d8b66f_00057bcf
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026a6_43d6c7a9_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000701f_43d6c7a9_000ca2dd
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005d03_43d6c7b4_000f0537
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007a5a_43d6c7b5_000d1cef
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000767d_43d6c7c3_0009c671
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004509_43d6c7c4_00098968
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001238_43d6c7ec_00007a12
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003b25_43d6c7ec_000d1cef
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054dc_43af342c_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001e1f_43d6c7f4_000e8b25
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006e5d_43d6c7f5_000632ea
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001ad4_43d6c80e_00053ec6
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000063cb_43d6c80e_000cdfe6
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006bfc_43d6c820_0003d090
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007f96_43d6c822_000b34a7
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007ff5_43d6c834_00057bcf
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004e45_43d6c834_00094c5f
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000323b_43d6c83c_0001e848
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002213_43d6c83c_0007a120
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000030a_43d6c949_0001e848
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006b89_43d6c933_000e8b25
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000301c_43d6c9d0_000aba95
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000bdb_43d6c9d2_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43cf05e3_000e4e1c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001e1f_43c7a58e_0005b8d8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43cf05e6_000c65d4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000056ae_43d6c9d2_000bebc2
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43dea794_00044aa2
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000018be_43cf05e9_00022551
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006e5d_43c7a58e_0006ea05
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006b36_43d6d281_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000368e_43c838c5_0009c671
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000022ee_43d6cb24_000b34a7
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004b40_43d6cb3f_000d59f8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005878_43d6d281_00094c5f
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005cfd_43d6d282_00081b32
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003e12_43d6d283_00003d09
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001a49_43d6d283_00089544
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f32_43d6d283_0009c671
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001ad4_43c7a58e_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003bf6_43d6d286_000b71b0
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003a9e_43d6e748_000dd40a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000797d_43d6e749_0003d090
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000063cb_43c7a58f_0000b71b
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f49_43d6e753_000c65d4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000ddc_43d6e754_000487ab
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004cd4_43878da1_0004c4b4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004cad_43d6e763_000632ea
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000314f_43d6e763_000b34a7
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005e14_43d6e76f_0006acfc
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004df2_43d6e76f_000af79e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004944_43d6e77a_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002cd6_43d76d01_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43d76c8a_0000f424
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000007cf_43878dc6_0003d090
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000041bb_43d8b682_000487ab
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000018be_43d76c8a_0002625a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006784_43d76c8b_00007a12
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006d22_43878dc8_000501bd
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003d6c_43d76c9a_00094c5f
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003d6c_43da8da2_0000f424
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000072ae_43d76d01_000ca2dd
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006952_43d76d01_000dd40a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005772_43878bd9_0001e848
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000139d_43878bd9_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f90_43d76d01_000ec82e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43ca5e92_000d1cef
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001649_43d76d03_00076417
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43cedc86_000c65d4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006df1_43d76d07_0001ab3f
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006899_43878bdb_00040d99
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000440d_43d76d54_0006ea05
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000041bb_43d76d0a_00040d99
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000491c_43d76d54_0009c671
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007e87_43d76d20_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002ea6_43d76d14_000c28cb
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000ecc_43878dcd_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000390c_43d76d20_000d9701
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002cd6_43da8db5_000b71b0
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43ca5e93_00066ff3
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000f3e_43d76d21_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000099_43d76d21_000501bd
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000001d3_43878dcd_0007270e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000124_43d76d22_000632ea
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000305e_43d76d23_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000072ae_43da8dbd_0002625a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004d06_43d76d59_00057bcf
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006048_43878dce_0006ea05
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000057d3_43878dce_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004db7_43d76d64_000a4083
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001547_43d76d7a_00022551
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054de_43d76d83_000c28cb
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000039b3_43d76d93_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006952_43da8ddf_00066ff3
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43d76d93_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006784_43dcdeb5_0000b71b
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43bb0cd5_000d59f8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43d76d93_000b34a7
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43d76d96_000d59f8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43d76d97_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066bb_43d76d97_00029f63
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f90_43da8de1_0007a120
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001850_43af63bd_000a037a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001649_43da8de2_00031975
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000252a_43878dd2_00022551
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000428b_43d76d99_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000bb3_43d8b689_000dd40a
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000001eb_43d8b687_000ca2dd
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002ea6_43d8c6e0_000e4e1c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003d6c_43b01349_0006acfc
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002cd6_43b01349_00098968
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000072ae_43b01349_000a7d8c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000117a_4387994f_00016e36
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000012db_43d8c6e2_0000f424
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000153c_43d8c6e2_0008d24d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007e87_43d8c6e4_000a7d8c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000390c_43d8c6e7_00094c5f
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000f3e_43d8c6e7_000c65d4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000099_43d8c6e8_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000124_43d8c77e_00040d99
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000305e_43d8c7b3_000632ea
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000440d_43d8c7b6_00007a12
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006bfc_43c7a593_0007270e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000491c_43d8c7b7_00098968
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001481_43878eac_000e1113
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004d06_43d8c7b8_000c65d4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43b03eb5_000baeb9
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000099_43c129ff_000bebc2
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004db7_43d8c7b9_0007de29
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001547_43d8c7b9_00090f56
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054de_43d8c7d6_000e4e1c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000039b3_43d8c7e4_000cdfe6
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005991_43de9aaa_0007a120
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43d8c7e9_000e4e1c
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43d8c7f5_0006acfc
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004509_43b04673_00057bcf
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43d8c803_0007270e
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001238_43b0467a_000d59f8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43d8c804_0004c4b4
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000124_43c129ff_000cdfe6
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066bb_43d8c805_000487ab
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000428b_43d8c805_0005f5e1
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026a6_43d8c805_000d59f8
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:12 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43bb0cd7_0001312d
01/31/06 08:48:12 [Note]: 7002 0
01/31/06 08:48:12 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000701f_43d8c814_000487ab
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005d03_43d8c819_0008583b
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000409d_43de9aaa_00090f56
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007a5a_43d8c823_0005f5e1
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000767d_43d8c82d_000b71b0
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004509_43d8c831_0005b8d8
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001238_43d8c832_0003567e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003b25_43d8c832_00098968
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001e1f_43d8c833_00016e36
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006e5d_43d8c865_00089544
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001ad4_43d8c865_000ca2dd
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007f96_43d8c89b_0006acfc
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006bfc_43d8c895_0003567e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007ff5_43d8c8c8_000c28cb
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000bdb_43d8c979_000a037a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000323b_43d8c932_000f0537
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000260d_43d8c940_0009c671
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006b89_43d8c942_000bebc2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000030a_43d8c944_00040d99
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000301c_43d8c94c_0009c671
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000056ae_43d8c981_00016e36
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000732_43d8c9be_00007a12
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000120_43d8c9c4_00029f63
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000759a_43d8c9c8_0001312d
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002350_43d8c9ca_0002dc6c
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43bb0ced_0009c671
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000022ee_43d8c9cc_0001312d
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004b40_43d8c9d3_00090f56
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005878_43d8c9d9_0007a120
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006b36_43d8c9e1_0007270e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005cfd_43d8c9eb_0007de29
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003e12_43d8c9eb_000d59f8
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001a49_43d8c9f2_000bebc2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f32_43d8c9f4_00039387
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003bf6_43d8ca1f_00039387
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003a9e_43d8ca1f_0006ea05
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000797d_43d8ca21_000501bd
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f49_43d8ca23_00089544
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000ddc_43d8ca23_000e4e1c
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004cad_43d8ca24_0000f424
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000314f_43d8ca2d_000f0537
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005e14_43d8ca36_00022551
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004df2_43d8ca3d_00066ff3
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004944_43d8ca3d_000c65d4
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002e40_43d8ca3e_00029f63
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001366_43d8ca3f_00098968
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001cd0_43d8ca41_00053ec6
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000366b_43d8ca72_00022551
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066c4_43d8ca72_0009c671
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004230_43d8ca76_0003d090
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007eb7_43d8ca7b_0002625a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43bb0cee_00031975
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006032_43d8ca80_0008d24d
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002c3b_43d8ca82_00003d09
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000015a1_43d8ca8f_00081b32
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005422_43d8ca93_000f0537
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003ef6_43d8ca94_00053ec6
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000822_43d8cab6_000e1113
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000305e_43dc2183_00040d99
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000440d_43dc219f_00057bcf
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000029_43d95419_000baeb9
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004ae1_43b14261_00007a12
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003d6c_43b14261_00029f63
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002cd6_43b14261_00044aa2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004823_43d95420_0005f5e1
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000018be_43d95428_000d9701
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006784_43d9545f_00029f63
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004ae1_43d95461_0006ea05
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003d6c_43d95476_000d59f8
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006df1_43da8de2_00057bcf
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004db7_43dc3cfe_0009c671
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004d06_43dc21f4_000d9701
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f1e_43d2b9c6_0007270e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002cd6_43d95477_000aba95
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001547_43dc3cff_00090f56
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000072ae_43d95477_000c65d4
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007a61_43879271_000d59f8
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006952_43d95477_000f0537
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005f90_43d9547d_000d1cef
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001649_43d9547e_00089544
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006df1_43d9547e_000a037a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005af1_43d9547f_00007a12
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000041bb_43d95480_0002625a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026e9_43d95480_000e8b25
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000001eb_43d95481_0006acfc
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066bb_43bb0cf1_00003d09
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000428b_43bb0cf9_000baeb9
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026a6_43bb0cfa_0003567e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000701f_43bb0d01_0007270e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005d03_43bb0d02_0003567e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007a5a_43bb0d03_00053ec6
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000767d_43bb0d07_00094c5f
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004509_43bb0d12_0004c4b4
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000bb3_43d95481_0007de29
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001238_43bb0d12_000d59f8
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00003b25_43bb0d2b_0007a120
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002ea6_43d95482_0000f424
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000012db_43d9548d_000501bd
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007f96_43c7a5a3_0001e848
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005af1_43da8de3_00057bcf
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000048cc_43bb1c4f_00003d09
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000153c_43d954b2_0002dc6c
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007e87_43d954b3_0003d090
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000390c_43d954d0_00039387
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000f3e_43d9550a_000dd40a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000099_43d9553f_00039387
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00000124_43d95578_0008d24d
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43b143c2_00040d99
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43b143c2_000e8b25
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43b143c3_00031975
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43b143c3_00044aa2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000066bb_43b143c3_0005f5e1
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000305e_43d9557f_000e8b25
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000440d_43d95585_00044aa2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000491c_43d955ae_00044aa2
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004d06_43d955bb_000e8b25
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004db7_43d955d2_000d9701
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001547_43d95653_00090f56
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000041bb_43da8deb_000501bd
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000054de_43d95656_000501bd
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006df1_43c5906a_0008583b
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000039b3_43d95657_00098968
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00002d12_43d95657_000b71b0
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000074d_43d95658_000baeb9
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00001ad4_43b1444e_0008d24d
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00004dc8_43d958fe_0002625a
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00006443_43d9591f_00081b32
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\000026a6_43d95948_0004c4b4
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000428b_43d95945_0001e848
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000701f_43d95e75_0006ea05
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00005d03_43d96269_0001e848
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\00007a5a_43d9626f_0007270e
01/31/06 08:48:13 [Note]: 7002 0
01/31/06 08:48:13 [Note]: 7003 1
01/31/06 08:48:13 [Info]: Hidden file: C:\Program Files\Yahaws\Cache\0000767d_43d96272_000

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 31 January 2006 - 09:01 AM

As I thought. You are dealing with the apropos rootkit.

Please download AproposFix from here:
http://swandog46.geekstogo.com/aproposfix.exe

Save it to your desktop but do NOT run it yet.

Then please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

I can't stress enough how important it is this has to be performed in safe mode, because this infection is only visible in safe mode.

Once in Safe Mode, please double-click aproposfix.exe.
This will create a new folder on your desktop called aproposfix.
Open the aproposfix folder on your desktop and run RunThis.bat. Follow the prompts.

Reboot back to normal mode and post the contents of the log.txt file, present in the aproposfix folder in your next reply.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 Vvardenfell

Vvardenfell
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:07:33 AM

Posted 31 January 2006 - 06:01 PM

Hello again,

I did as instructed and at a glance the pop-up issue seems to be gone. I'll let you know how things go.

Thanks again for your help, I'll have to start running norton in safe mode now and then.

Matt



Log of AproposFix v1.1

************

Running from directory:
C:\Documents and Settings\John Doe\Desktop\aproposfix

************



Registry entries found:

[HKEY_LOCAL_MACHINE\Software\C6Te9A2Ffjm9]
@="cGD9DSTOPPOPPQPfoIxgpiOPPOeRPykpfqyuPGMGH2AVUP1F6J2FGP8A609C08QGMG"
"Device"="\\\\.\\DMuVENG"
"DriverPath"="C:\\WINDOWS\\system32\\drivers\\kmiclock.sys"
"DriverName"="Asplp01"
"HideUninstallerName"="C:\\Program Files\\Yahaws\\comvfp6r.exe"
"HDll"="C:\\WINDOWS\\system32\\mspatmfd.dll"
"ServerAddress"="adchannel.adintelligence.net"
"LegalNote"="http://adchannel.contextplus.net/legal-note/nonbranded.html"
"PartnerId"="WB.OLD"
"InstallationId"="{Hb8561a4-9161-2eec-eff9-390392a7bff5}"
"PageFiltering"=dword:00000001
"ClientName"="C:\\Program Files\\Yahaws\\mydcfgnt.exe"
"AutoUpdater"="C:\\WINDOWS\\system32\\sissisip.exe"
"Version"="2.0.131"
"LastAURestoreMsgTS"="2006:01:20-02:54:20:703"

************

Removing hidden service:
Service Asplp01 removed.

Removing hidden folder:
Deletion of folder Yahaws succeeded!

Deleting files:

Deletion of file C:\WINDOWS\system32\drivers\kmiclock.sys succeeded!
Deletion of file C:\WINDOWS\system32\sissisip.exe succeeded!
Deletion of file C:\WINDOWS\system32\mspatmfd.dll succeeded!

Backing up files:
Done!

Removing registry entries:

REGEDIT4

[-HKEY_CURRENT_USER\Software\C6Te9A2Ffjm9]
[-HKEY_LOCAL_MACHINE\Software\C6Te9A2Ffjm9]

Done!

Finished!

#10 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 31 January 2006 - 06:07 PM

Yes, the popups must be gone now. :thumbsup:

To keep this clean in the future, I would suggest the following things:

Install Spywareblaster
SpywareBlaster doesn`t scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

* Avoid illegal sites, because that's where most malware is present.
* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Let your antispywarescanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virusscan once in a while. (Housecall and/or Bitdefender). Because what one virusscanner can't find another one maybe can.
Also make sure that your virusscanner, the one that is installed on your system is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you are having XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

Also visit this Free Online Scanner for PC Health and Safety

More info on how to prevent malware you can also find here (By Tony Klein)
and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection

Happy surfing again! :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#11 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:33 PM

Posted 02 February 2006 - 01:50 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users