Post by: bradfitz on January 01, 2007, 02:46:17 PM
Thanks in advance.
---begin log----
Logfile of HijackThis v1.99.1
Scan saved at 2:45:40 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1140813571\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm (http://\"http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140813571\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg (http://\"http://thesecret.tv/movie/player/vivid_ocx.jpeg\")
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (http://\"http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab\")
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Post by: guestolo on January 01, 2007, 05:59:25 PM
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the log please
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Post the log from Combofix
Post by: bradfitz on January 01, 2007, 10:30:52 PM
----
Owner - 07-01-01 22:27:10.47 Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\Program Files\winupdates
((((((((((((((((((((((((((((((( Files Created from 2006-12-01 to 2007-01-01 ))))))))))))))))))))))))))))))))))
2007-01-01 15:37 <DIR> d-------- C:\Program Files\Ashampoo
2007-01-01 15:31 19,584 --a------ C:\Documents and Settings\Owner\agony.sys
2007-01-01 15:29 19,584 --a------ C:\WINDOWS\system32\agony.sys
2007-01-01 15:11 <DIR> d-------- C:\Program Files\Ace Utilities
2006-12-30 08:37 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2006-12-30 08:33 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2006-12-20 09:07 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PCF-VLC
(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-01-01 21:16 -------- d-------- C:\Program Files\Mozilla Thunderbird
2007-01-01 17:55 -------- d-------- C:\Program Files\Mozilla Firefox
2007-01-01 16:20 -------- d-------- C:\Program Files\Registry Mechanic
2007-01-01 16:11 -------- d--h----- C:\Program Files\InstallShield Installation Information
2007-01-01 16:11 -------- d-------- C:\Program Files\Common Files\Ulead Systems
2007-01-01 15:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Azureus
2007-01-01 15:10 -------- d-------- C:\Documents and Settings\Owner\Application Data\Skype
2007-01-01 14:56 -------- d-------- C:\Program Files\Winamp
2007-01-01 14:54 -------- d-------- C:\Program Files\FontExplorerL.M
2006-12-30 14:56 -------- d-------- C:\Documents and Settings\Owner\Application Data\Macromedia
2006-12-30 11:53 -------- d-------- C:\Program Files\Windows Media Player
2006-12-28 19:50 -------- d-------- C:\Documents and Settings\Owner\Application Data\Canon
2006-12-20 14:13 -------- d-------- C:\Program Files\Instant PopOVER V2.0
2006-12-20 09:13 -------- d-------- C:\Program Files\ScreenPrint32 v3
2006-12-20 09:10 -------- d-------- C:\Program Files\GrabIt
2006-12-15 11:50 -------- d-------- C:\Program Files\Internet Explorer
2006-12-07 09:09 -------- d-------- C:\Documents and Settings\Owner\Application Data\.gaim
2006-12-02 09:24 -------- d-------- C:\Program Files\Azureus
2006-11-29 20:27 -------- d-------- C:\Documents and Settings\Owner\Application Data\Publish Providers
2006-11-25 01:29 -------- d-------- C:\Program Files\Common Files
2006-11-25 01:29 -------- d-------- C:\Documents and Settings\Owner\Application Data\COWON
2006-11-24 23:02 -------- d-------- C:\Documents and Settings\Owner\Application Data\Snapfish
2006-11-21 13:20 -------- d-------- C:\Program Files\Common Files\Adobe
2006-11-21 09:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-21 09:57 -------- d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-21 09:53 -------- d-------- C:\Program Files\Adobe
2006-11-11 07:47 -------- d-------- C:\Program Files\iTunes
2006-11-11 07:46 -------- d-------- C:\Program Files\QuickTime
2006-11-11 07:46 -------- d-------- C:\Program Files\iPod
2006-11-07 16:29 -------- d-------- C:\Program Files\Gaim
2006-11-07 16:29 -------- d-------- C:\Program Files\Common Files\GTK
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-10-31 09:35 73728 --a------ C:\WINDOWS\ALCFDRTM.EXE
2006-10-30 15:25 73216 --a------ C:\WINDOWS\ST6UNST.EXE
2006-10-30 15:25 249856 --------- C:\WINDOWS\Setup1.exe
2006-10-19 08:56 713216 --a------ C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58 8704 --a------ C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47 99840 --a------ C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47 991744 --a------ C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47 937984 --a------ C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47 8231936 --a------ C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47 767488 --------- C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47 757248 --a------ C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47 7168 --a------ C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47 656896 --------- C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47 63488 --a------ C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47 629760 --a------ C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47 613376 --------- C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47 603648 --a------ C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47 542720 --a------ C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47 535040 --------- C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47 429056 --a------ C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47 414208 --a------ C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47 4096 --a------ C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47 38400 --------- C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47 37376 --a------ C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47 35840 --a------ C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47 356352 --a------ C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47 348672 --a------ C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47 33792 --a------ C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47 321536 --a------ C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47 317440 --------- C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47 314880 --a------ C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47 295936 --------- C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47 284160 --------- C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47 276992 --a------ C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47 27136 --a------ C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47 2603008 --------- C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47 259072 --------- C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47 2450944 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47 242688 --a------ C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47 229376 --a------ C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47 227328 --a------ C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47 222208 --a------ C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47 212992 --------- C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47 211456 --a------ C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47 204288 --a------ C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47 199168 --------- C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47 179712 --a------ C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47 175616 --a------ C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47 166912 --------- C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47 1661440 --a------ C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47 1574912 --------- C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47 157184 --a------ C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47 154624 --a------ C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47 1543680 --------- C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47 1382912 --------- C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47 133632 --------- C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47 1329152 --a------ C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47 132096 --------- C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47 130048 --------- C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47 11264 --a------ C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47 1117696 --a------ C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47 101888 --------- C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03 100864 --a------ C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00 249856 --------- C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00 17408 --------- C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28 312128 --------- C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04 806912 --a------ C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04 790528 --a------ C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04 635486 --a------ C:\WINDOWS\system32\DivX.dll
(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Second Copy"="\"C:\\PROGRA~1\\SecCopy\\SecCopy.exe\""
"Taskbar Shuffle"="C:\\Program Files\\Taskbar Shuffle\\taskbarshuffle.exe"
"DOpus"="C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Democracy Player"="C:\\Program Files\\Participatory Culture Foundation\\Democracy Player\\Democracy.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ShowWnd"="ShowWnd.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CHotkey"="zHotkey.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Alcmtr"="ALCMTR.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Mixersel"="C:\\Program Files\\Realtek\\InstallShield\\mixersel.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c8,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=hex:c8,01,00,00
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WD Button Manager"="WDBtnMgr.exe"
"SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"item"="BigFix"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcappins"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWCares"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcinfo"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"inimapping"="0"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ace Optimizer Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job
Completion time: 07-01-01 22:29:10.53
C:\ComboFix.txt ... 07-01-01 22:29
Post by: guestolo on January 02, 2007, 12:43:01 AM
Remove all Criticals
Reboot the computer
Can you navigate to these files please
C:\Documents and Settings\Owner\agony.sys <-file
C:\WINDOWS\system32\agony.sys
Can you right click on them and select properties
Version tab if available
Do you know what they're related too?
If not can you scan them at either of the following links
http://virusscan.jotti.org/ (http://\"http://virusscan.jotti.org/\")
OR
http://www.virustotal.com/flash/index_en.html (http://\"http://www.virustotal.com/flash/index_en.html\")
Use the browse button and navigate to the file on your harddrive
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scan back here please
Post by: Mod Ryan on January 02, 2007, 12:48:20 AM
Trojan-Risk = High
Agony is a newer type of Trojan and was only discovered in december 2006.
What ever anti-virus you have, do a full system scan as questolo says, try and delete it, you might also want to do an "ad-aware scan" , full system , just to make sure you do not have any Spyware.
Post by: bradfitz on January 02, 2007, 01:43:46 PM
---
Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, January 02, 2007 12:58:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R142 02.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16(TAC index:8):18 total references
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file
Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects
1-2-2007 12:58:24 PM - Scan started. (Full System Scan)
MRU List Object Recognized!
Location: : C:\Documents and Settings\Owner\recent
Description : list of recently opened documents
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\ahead\nero - burning rom\recent file list
Description : list of recently used files in nero burning rom
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\macromedia\dreamweaver 6\recent file list
Description : list of recently used files in macromedia dreamweaver
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d
MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X
MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows media\wmsdk\general
Description : windows media sdk
MRU List Object Recognized!
Location: : S-1-5-21-2194748585-1584497749-360572042-1003\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history
Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 580
ThreadCreationTime : 1-1-2007 8:33:32 PM
BasePriority : Normal
#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 652
ThreadCreationTime : 1-1-2007 8:33:38 PM
BasePriority : Normal
#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 676
ThreadCreationTime : 1-1-2007 8:33:40 PM
BasePriority : High
#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 720
ThreadCreationTime : 1-1-2007 8:33:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe
#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 732
ThreadCreationTime : 1-1-2007 8:33:40 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe
#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 884
ThreadCreationTime : 1-1-2007 8:33:41 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1000
ThreadCreationTime : 1-1-2007 8:33:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1092
ThreadCreationTime : 1-1-2007 8:33:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1192
ThreadCreationTime : 1-1-2007 8:33:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1340
ThreadCreationTime : 1-1-2007 8:33:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1464
ThreadCreationTime : 1-1-2007 8:33:46 PM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe
#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1716
ThreadCreationTime : 1-1-2007 8:33:50 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE
#:13 [msdtc.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1848
ThreadCreationTime : 1-1-2007 8:33:54 PM
BasePriority : Normal
FileVersion : 2001.12.4414.258
ProductVersion : 03.01.00.4414
ProductName : Microsoft Distributed Transaction Coordinator
CompanyName : Microsoft Corporation
FileDescription : MS DTC console program
InternalName : MSDTC.EXE
LegalCopyright : Copyright © Microsoft Corp. 1995-1998
LegalTrademarks : Microsoft® is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation
#:14 [dkservice.exe]
FilePath : C:\Program Files\Diskeeper Corporation\Diskeeper\
ProcessID : 1920
ThreadCreationTime : 1-1-2007 8:33:54 PM
BasePriority : Normal
FileVersion : 10.0.608.0
ProductVersion : 10.0.608.0
ProductName : Diskeeper (tm) Disk Defragmenter
CompanyName : Diskeeper Corporation
FileDescription : DKSERVICE.EXE
InternalName : DKSERVICE
LegalCopyright : © 1995-2006 Diskeeper Corporation
OriginalFilename : DKSERVICE
#:15 [prismxl.sys]
FilePath : C:\Program Files\Common Files\New Boundary\PrismXL\
ProcessID : 1960
ThreadCreationTime : 1-1-2007 8:33:54 PM
BasePriority : Normal
FileVersion : 6.0.3.30
ProductVersion : 6.0.3.30
ProductName : PrismXL Software Family
CompanyName : New Boundary Technologies, Inc.
FileDescription : PrismXL Service
InternalName : PrismXL Service
LegalCopyright : © 1997-2004 New Boundary Technologies
OriginalFilename : PrismXL.sys
#:16 [locator.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1996
ThreadCreationTime : 1-1-2007 8:33:54 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Rpc Locator
InternalName : locator.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : locator.exe
#:17 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 148
ThreadCreationTime : 1-1-2007 8:33:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:18 [tablet.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 208
ThreadCreationTime : 1-1-2007 8:33:55 PM
BasePriority : High
#:19 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1084
ThreadCreationTime : 1-1-2007 8:34:03 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe
#:20 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 784
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe
#:21 [googledesktop.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 192
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:22 [aolsoftware.exe]
FilePath : C:\Program Files\Common Files\AOL\1140813571\ee\
ProcessID : 1792
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 1.4.16.3
ProductVersion : 1.4.16.3
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOL
InternalName : AOLSoftware
LegalCopyright : © 2006 America Online, Inc.
OriginalFilename : AOLSoftware.exe
#:23 [viewmgr.exe]
FilePath : C:\Program Files\Viewpoint\Viewpoint Manager\
ProcessID : 936
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 42
ProductVersion : 2, 0, 0, 42
ProductName : Viewpoint Manager
CompanyName : Viewpoint Corporation
FileDescription : ViewMgr
InternalName : Viewpoint Manager
LegalCopyright : Copyright © 2004
OriginalFilename : ViewMgr.exe
Comments : Viewpoint Manager
#:24 [picasamediadetector.exe]
FilePath : C:\Program Files\Picasa2\
ProcessID : 1044
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 2.5.0
ProductVersion : 2.5.0
ProductName : Picasa
CompanyName : Google Inc.
FileDescription : Picasa
InternalName : Picasa
LegalCopyright : © 2004- 2006 Google Inc.
OriginalFilename : Picasa2.exe
#:25 [shwiconem.exe]
FilePath : C:\Program Files\Digital Media Reader\
ProcessID : 964
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Idle
FileVersion : 1, 4, 0, 8
ProductVersion : 1, 4, 0, 8
ProductName : Multimedia Card Reader
CompanyName : Alcor Micro, Corp.
LegalCopyright : Copyright c 2002
Comments : Alcor 9360 4/4.5 Slot XP
#:26 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 968
ThreadCreationTime : 1-1-2007 8:34:04 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 14
ProductVersion : 1, 0, 0, 14
ProductName : Realtek HD Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright © 2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek HD Audio Sound Manager
#:27 [pdvdserv.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 1208
ThreadCreationTime : 1-1-2007 8:34:05 PM
BasePriority : Normal
FileVersion : 5.00.0000
ProductVersion : 5.00.0000
ProductName : PowerDVD
CompanyName : Cyberlink Corp.
FileDescription : PowerDVD RC Service
InternalName : PowerDVD RC Service
LegalCopyright : Copyright © CyberLink Corp. 1997-2002
OriginalFilename : PDVDSERV.EXE
#:28 [zhotkey.exe]
FilePath : C:\WINDOWS\
ProcessID : 1396
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 7
ProductVersion : 3, 0, 0, 0
ProductName : Multimedia Keyboard Driver
FileDescription : Multimedia Keyboard Driver
InternalName : Multimedia Hotkey Driver
LegalCopyright : Copyright © 2004.
OriginalFilename : mHotkey.res
#:29 [alcwzrd.exe]
FilePath : C:\WINDOWS\
ProcessID : 1556
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 1.1.0.15
ProductVersion : 1.1.0.15
ProductName : ALCWZRD
CompanyName : RealTek Semicoductor Corp.
FileDescription : RealTek AlcWzrd Application
InternalName : ALCWZRD.EXE
LegalCopyright : Copyright © 2003-2004 Realtek Semiconductor Corp.
OriginalFilename : ALCWZRD.EXE
#:30 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1660
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 7.1.3
ProductVersion : QuickTime 7.1.3
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
FileDescription : QuickTime Task
InternalName : QuickTime Task
LegalCopyright : Copyright Apple Computer, Inc. 1989-2006
OriginalFilename : QTTask.exe
#:31 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 1664
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe
#:32 [googledesktopindex.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 1700
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:33 [seccopy.exe]
FilePath : C:\PROGRA~1\SecCopy\
ProcessID : 844
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 7.0.0.163
ProductVersion : 7.0
ProductName : Second Copy
CompanyName : Centered Systems
FileDescription : SecCopy
InternalName : SecCopy
LegalCopyright : © 1991-2006 All rights reserved
LegalTrademarks : Second Copy ®
OriginalFilename : SecCopy.exe
#:34 [taskbarshuffle.exe]
FilePath : C:\Program Files\Taskbar Shuffle\
ProcessID : 1804
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 2.0.0.164
ProductVersion : 1.0.0.0
ProductName : Taskbar Shuffle
CompanyName : Jay Elaraj
FileDescription : Taskbar Shuffle
InternalName : taskbarshuffle.exe
LegalCopyright : Copyright © 2006
#:35 [dopus.exe]
FilePath : C:\Program Files\GPSoftware\Directory Opus\
ProcessID : 1512
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 8, 2, 2, 4
ProductName : Directory Opus
CompanyName : GP Software
FileDescription : Directory Opus 8
InternalName : dopus
LegalCopyright : Copyright © 1999-2006 GP Software
LegalTrademarks : Directory Opus, Opus, DOpus, DirOpus, OpusPC, PCOpus are trademarks of GP Software
OriginalFilename : dopus.exe
#:36 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1936
ThreadCreationTime : 1-1-2007 8:34:06 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE
#:37 [suitcase.exe]
FilePath : C:\Program Files\Extensis\Suitcase 9.2\
ProcessID : 2108
ThreadCreationTime : 1-1-2007 8:34:07 PM
BasePriority : Normal
FileVersion : 9.2
ProductVersion : 9.2
ProductName : Suitcase 9.2
CompanyName : Extensis Products Group
FileDescription : Suitcase for Windows
InternalName : Suitcase
LegalCopyright : Copyright © 2003 Extensis Products Group
OriginalFilename : Suitcase.exe
#:38 [tabuserw.exe]
FilePath : C:\WINDOWS\system32\WTablet\
ProcessID : 2124
ThreadCreationTime : 1-1-2007 8:34:07 PM
BasePriority : Normal
FileVersion : 4.91-2
ProductVersion : 4.91-2
ProductName : Wacom Technology, Corp. TABUSERW
CompanyName : Wacom Technology, Corp.
FileDescription : TABUSERW
InternalName : TABUSERW
LegalCopyright : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
OriginalFilename : TABUSERW.EXE
#:39 [googledesktopcrawl.exe]
FilePath : C:\Program Files\Google\Google Desktop Search\
ProcessID : 2300
ThreadCreationTime : 1-1-2007 8:34:09 PM
BasePriority : Normal
FileVersion : 4.2006.1008.2039
ProductVersion : 4.2006.1008.2039
ProductName : Google Desktop
CompanyName : Google
FileDescription : Google Desktop
InternalName : Google Desktop
LegalCopyright : Copyright © 2003-2006 Google. All Rights Reserved.
#:40 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2376
ThreadCreationTime : 1-1-2007 8:34:10 PM
BasePriority : Normal
FileVersion : 7.0.2.16
ProductVersion : 7.0.2.16
ProductName : iTunes
CompanyName : Apple Computer, Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
OriginalFilename : iPodService.exe
#:41 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 3344
ThreadCreationTime : 1-1-2007 8:34:46 PM
BasePriority : Normal
#:42 [taskpl~1.exe]
FilePath : C:\PROGRA~1\Ashampoo\ASHAMP~1\
ProcessID : 2504
ThreadCreationTime : 1-1-2007 8:37:57 PM
BasePriority : Normal
#:43 [dfrgfat.exe]
FilePath : C:\Program Files\Diskeeper Corporation\Diskeeper\
ProcessID : 1712
ThreadCreationTime : 1-1-2007 9:31:46 PM
BasePriority : Normal
FileVersion : 10.0.608.0
ProductVersion : 10.0.608.0
ProductName : Diskeeper (tm) Disk Defragmenter
CompanyName : Diskeeper Corporation
FileDescription : DFRGFAT.EXE
InternalName : DFRGFAT
LegalCopyright : © 1995-2006 Diskeeper Corporation
OriginalFilename : DFRGFAT
#:44 [notepad.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2664
ThreadCreationTime : 1-2-2007 3:29:13 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Notepad
InternalName : Notepad
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : NOTEPAD.EXE
#:45 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1608
ThreadCreationTime : 1-2-2007 5:57:15 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved
Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13
Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized!
Type : IECache Entry
Data : owner@live365[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:[email protected]/
Expires : 1-6-2012 12:38:10 PM
LastSync : Hits:1
UseCount : 0
Hits : 1
Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 14
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16 Object Recognized!
Type : File
Data : A0048589.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\
Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15
Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15
Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16 Object Recognized!
Type : Regkey
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : FW_KILL
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : XP_FW_Disable
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : XP_SYS_Recovery
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ICQ_UIN
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ICQ_UIN2
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Kurban_Ismi
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Mail
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Online_List
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Port
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Sifre
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Hata
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : KSil
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : LanNotifie
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : Tport
Backdoor.Prorat.16 Object Recognized!
Type : RegValue
Data :
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
Value : ServerVersionInt
Backdoor.Prorat.16 Object Recognized!
Type : RegData
Data : explorer.exe
TAC Rating : 8
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows nt\currentversion\winlogon
Value : Shell
Data : explorer.exe
Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 32
1:21:59 PM Scan Complete
Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:34.714
Objects scanned:353662
Objects identified:19
Objects ignored:0
New critical objects:19
---------
Post by: bradfitz on January 02, 2007, 01:47:00 PM
C:\Documents and Settings\Owner\agony.sys.
Scan results:
----
AntiVir
Found RKIT/Agony.A
ArcaVir
Found Trojan.Rootkit.Agent.Cs
Avast
Found Win32:Agent-CWS
AVG Antivirus
Found nothing
BitDefender
Found Rootkit.Agony.A
ClamAV
Found nothing
Dr.Web
Found Trojan.NtRootKit.184
F-Prot Antivirus
Found nothing
F-Secure Anti-Virus
Found nothing
Fortinet
Found RKPort!tr
Kaspersky Anti-Virus
Found nothing
NOD32
Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control
Found nothing
VirusBuster
Found nothing
VBA32
Found nothing
-----
Post by: Mod Ryan on January 02, 2007, 01:54:54 PM
Quote
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16 Object Recognized!
Type : File
Data : A0048589.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\
Backdoor.prorat.16 is a type of RAT, just as i suspected, you have a "Remote-Access-Trojan", they arn't easy to get rid of, especially when it has spread to the diffrent locations you'rs has, could you do this for me and post what comes up START>>>RUN>>>Type "Command">>> "Netstat -a"
once you have done this please post the ports that have come up.
i once had an RAT not too long ago lol, thats' how i know how to remove them
/wink.gif\' class=\'bbc_emoticon\' alt=\';)\' />
Post by: Mod Ryan on January 02, 2007, 01:58:50 PM
The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder toolshops that do everything—capture screen, sound, and video content. These Trojans are key loggers, remote controllers, FTP servers, HTTP servers, Telnet servers, and password finders. Intruders can configure the IP port the RATs listen on, how the RATs execute, and whether the RATs contact the originator by using email, Internet Relay Chat (IRC), or another chat mechanism. The more malicious RATs contain rogue mechanisms that hide the Trojans from prying eyes, encrypt communications, and contain professional-looking APIs so that other intruder developers can insert additional functionality. These RATs' aggressive functionality makes them larger—often 100KB to 300KB—and somewhat riskier for the intruder to install without anyone noticing.
Post by: bradfitz on January 02, 2007, 03:02:53 PM
Thanks for the quick response and helpful assistance Ryan.
Here is the result.. hopefully I did it right and it's what you're looking for. If not let me know.
------
Active Connections
Proto Local Address Foreign Address State
TCP BFWORK:epmap BFWORK:0 LISTENING
TCP BFWORK:microsoft-ds BFWORK:0 LISTENING
TCP BFWORK:2869 BFWORK:0 LISTENING
TCP BFWORK:31038 BFWORK:0 LISTENING
TCP BFWORK:1025 BFWORK:0 LISTENING
TCP BFWORK:1086 localhost:1087 ESTABLISHED
TCP BFWORK:1087 localhost:1086 ESTABLISHED
TCP BFWORK:1088 localhost:1089 ESTABLISHED
TCP BFWORK:1089 localhost:1088 ESTABLISHED
TCP BFWORK:1225 localhost:1226 ESTABLISHED
TCP BFWORK:1226 localhost:1225 ESTABLISHED
TCP BFWORK:4664 BFWORK:0 LISTENING
TCP BFWORK:netbios-ssn BFWORK:0 LISTENING
TCP BFWORK:1234 f4.4.5546.static.theplanet.com:http CLOSE_WAIT
TCP BFWORK:1387 he-in-f104.google.com:http ESTABLISHED
TCP BFWORK:1388 he-in-f104.google.com:http ESTABLISHED
TCP BFWORK:1402 va-in-f104.google.com:http TIME_WAIT
TCP BFWORK:1419 va-in-f99.google.com:http ESTABLISHED
TCP BFWORK:1439 72.14.253.91:http ESTABLISHED
TCP BFWORK:1469 worldwidebrands.com:http ESTABLISHED
TCP BFWORK:1470 worldwidebrands.com:http ESTABLISHED
TCP BFWORK:1478 va-in-f99.google.com:http ESTABLISHED
UDP BFWORK:microsoft-ds *:*
UDP BFWORK:1042 *:*
UDP BFWORK:1055 *:*
UDP BFWORK:1243 *:*
UDP BFWORK:1900 *:*
UDP BFWORK:netbios-ns *:*
UDP BFWORK:netbios-dgm *:*
UDP BFWORK:1900 *:*
C:\DOCUME~1\OWNER>
Post by: bradfitz on January 02, 2007, 03:05:22 PM
"Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."
Post by: Mod Ryan on January 02, 2007, 08:28:57 PM
Also changing you'r IP address might help, plus, you have a alot of port holes open, how many internet application are you running there?
Trojan Name Port
BO jammerkillahV
121
NukeNabber
139
Intruders Paradise
456
Stealth Spy
555
Phase0
555
NeTadmin
555
Satanz Backdoor
666
Attack FTP
666
AIMSpy
777
Der Spaeher
1000
Silencer
1001
WebEx
1001
Doly Trojan
1011
Doly Trojan
1015
Netspy
1033
Bla 1.1
1042
Psyber Stream Server
1170
Streaming Audio Trojan
1170
SoftWar
1207
Ultors Trojan
1234
SubSeven
1243
VooDoo Doll
1245
GabanBus
1245
NetBus
1245
Maverick's Matrix
1269
FTP99CMP
1492
Psyber Streaming Server
1509
Shiva Burka
1600
SpySender
1807
ShockRave
1981
BackDoor
1999
Transcout
1999
Der Spaeher
2000
Trojan Cow
2001
Pass Ripper
2023
Bugs
2115
Deep Throat
2140
The Invasor
2140
HVL Rat5
2283
Striker
2565
Wincrash2
2583
The Prayer
2716
Phineas
2801
Portal of Doom
3700
Total Eclypse
3791
WinCrash
4092
FileNail
4567
IcqTrojan
4950
Sockets de Troie
5000
Sockets de Troie 1.x
5001
OOTLT Cart
5011
NetMetro
5031
Firehotcker
5321
BackConstruction 1.2
5400
BladeRunner
5400
Blade Runner 1.x
5401
Blade Runner 2.x
5402
Illusion Mailer
5521
Xtcp
5550
RoboHack
5569
Wincrash
5742
The thing
6000
The thing
6400
Vampire
6669
Host Control
6669
DeepThroat
6670
DeepThroat
6771
DeltaSource
6883
Heep
6912
Indoctrination
6939
GateCrasher
6969
Priority
6969
Remote Grab
7000
NetMonitor
7300
NetMonitor 1.x
7301
NetMonitor 2.x
7306
NetMonitor 3.x
7307
NetMonitor 4.x
7308
Qaz
7597
ICQKiller
7789
InCommand
9400
Portal of Doom
9872
END,
i hope this list helps,
also, "comodo firewall" is a great way to break links in ports, it also has a high setting to block all internet traffic, it's great and is a very usefull program.
Post by: Mod Ryan on January 02, 2007, 08:31:12 PM
if all else fails, try a diffrent media center,
Do u get sound when u log into windows? (Windows startup melody)
Post by: guestolo on January 03, 2007, 12:46:22 AM
Download [color=\"#0000FF\"]gmer.zip[/color] (http://\"http://www.majorgeeks.com/GMER_d5198.html\")
Unzip it to the desktop.
Double click on gmer.exe
Click on Scan.
DO NOT select 'Show All'
When the scan has run click Copy and paste the results (if any) into this thread
After you post those results, can you also run the following
Download SREng
http://www.kztechs.com/sreng/sreng2.zip (http://\"http://www.kztechs.com/sreng/sreng2.zip\")
Extract it to Desktop and double click SREng.exe to run it
Select: Smart Scan and click on the [Scan] button.
Let the scan finish, may take a couple minutes
When finished, click on the 'Save Reports' button and save the log to Desktop
Please post the SREng log in your reply.
It may take more than one reply to post the above 2 logs
Post by: bradfitz on January 08, 2007, 03:40:01 PM
Post by: bradfitz on January 08, 2007, 03:42:22 PM
I tried posting my GMER log dierctly into the forum but the browser kept crashing, even when I tried to do it in multiple parts so I will post it on my own server and link to it here:
http://bradfitzpatrick.com/BFGMER_log_.txt (http://\"http://bradfitzpatrick.com/BFGMER_log_.txt\")
Post by: bradfitz on January 08, 2007, 03:44:17 PM
---begin---
Code: [Select]
2007-01-08,15:40:46
System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)
Windows XP Home Edition Service Pack 2 (Build 2600)
- Administrative User - Completed Functions Allowed
Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File
Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1> [N/A]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide> [N/A]
<Second Copy><"C:\PROGRA~1\SecCopy\SecCopy.exe"> [Centered Systems]
<Taskbar Shuffle><C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe> [Jay Elaraj]
<DOpus><C:\Program Files\GPSoftware\Directory Opus\dopus.exe> [(Verified)GP Software]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup> [Google]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k> [N/A]
<ShowWnd><ShowWnd.exe> [N/A]
<Recguard><%WINDIR%\SMINST\RECGUARD.EXE> []
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe> [Ahead Software Gmbh]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe> [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe> [(Verified)Intel Corporation]
<CHotkey><zHotkey.exe> []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe"> [(Verified)Apple Computer, Inc.]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<High Definition Audio Property Page Shortcut><HDAShCut.exe> [(Verified)Windows (R) Server 2003 DDK provider]
<SoundMan><SOUNDMAN.EXE> [(Verified)Realtek Semiconductor Corp.]
<AlcWzrd><ALCWZRD.EXE> [RealTek Semicoductor Corp.]
<Alcmtr><ALCMTR.EXE> [(Verified)Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe> [(Verified)Microsoft Corporation]
<Userinit><userinit.exe> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL> [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}><C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll> [(Verified)GP Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll> [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Cleanup><; > [N/A]
<Gateway Extended Warranty><; > [N/A]
<msci><; > [N/A]
<SSC_UserPrompt><; > [N/A]
==================================
Startup Folders
[Adobe Gamma Loader]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Suitcase Startup]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk --> C:\PROGRA~1\Extensis\SUITCA~1.2\Suitcase.exe [Extensis Products Group]><N>
[TabUserW.exe]
<C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk --> C:\WINDOWS\system32\WTablet\TabUserW.exe [Wacom Technology, Corp.]><N>
==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ATM Service / ATMsrvc][Stopped/Disabled]
<C:\WINDOWS\System32\ATMsrvc.exe><Adobe Systems Incorporated>
[Diskeeper / Diskeeper][Running/Auto Start]
<"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
<C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
<"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
<"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[Removable Storage / NtmsSvc][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\ntmssvc.dll><Microsoft Corporation>
[Microsoft Office Diagnostics Service / odserv][Stopped/Manual Start]
<"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"><Microsoft Corporation>
[PrismXL / PrismXL][Running/Auto Start]
<C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>
[Retrospect Launcher / RetroLauncher][Stopped/Disabled]
<C:\Program Files\Dantz\Retrospect\retrorun.exe><Dantz Development Corporation>
[Retrospect WD Service / RetroWDSvc][Stopped/Disabled]
<C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe><Dantz Development Corporation>
[StyleXPService / StyleXPService][Stopped/Auto Start]
<"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[TabletService / TabletService][Running/Auto Start]
<C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Telephony / TapiSrv][Running/Manual Start]
<C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
<C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
<C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>
==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[agony / agony][Running/Manual Start]
<\??\C:\WINDOWS\system32\agony.sys><N/A>
[Aha154x / Aha154x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
<System32\drivers\aspi32.sys><Adaptec>
[Audio Stub Driver / audstub][Running/Manual Start]
<system32\DRIVERS\audstub.sys><Microsoft Corporation>
[cd20xrnt / cd20xrnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
<system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
<System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
<system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
<system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
<system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
<system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
<system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Hauppauge WinTV PVR USB2 Encoder / iComp][Stopped/Manual Start]
<system32\DRIVERS\HCWUSB2.sys><Hauppauge Computer Works, Inc.>
[ini910u / ini910u][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[WD Bridge Controller Driver / inibtmgr][Stopped/Manual Start]
<system32\DRIVERS\inibtmgr.sys><Western Digital>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
<system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\isapnp.sys><Microsoft Corporation>
[Jukebox / Jukebox][Stopped/Manual Start]
<system32\DRIVERS\ctpdusb2.sys><Creative Technology Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
<system32\DRIVERS\mdmxsdk.sys><Conexant>
[Mouse HID Driver / mouhid][Running/Manual Start]
<system32\DRIVERS\mouhid.sys><Microsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[MRxSmb / MRxSmb][Running/System Start]
<system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
<system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
<system32\DRIVERS\ndistapi.sys><Microsoft Corporation>
[NetBios over Tcpip / NetBT][Running/System Start]
<system32\DRIVERS\netbt.sys><Microsoft Corporation>
[nv / nv][Running/Manual Start]
<system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pen Class / PenClass][Running/Boot Start]
<\SystemRoot\system32\Drivers\PenClass.sys><Wacom Technology Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
<system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
<\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
<system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
<system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[StyleXPHelper / StyleXPHelper][Running/System Start]
<\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Alcor Micro Corp Reader / SunkFilt][Running/Manual Start]
<\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[symc810 / symc810][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
<\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
<system32\DRIVERS\wanatw4.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
<system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
<system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>
==================================
Browser Add-ons
[HelperObject Class]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[&Research]
{92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Real.com]
{CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
{FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[]
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[ActiveScan Installer Class]
{9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ASPRO Installer Class]
{D6376DD2-C2BD-49B2-A1B1-138F869633F3} <C:\WINDOWS\Downloaded Program Files\ASPROinst.dll, Panda Software>
[HelperObject Class]
{00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[SnagIt]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Add to Windows &Live Favorites]
<http://favorites.live.com/quickadd.aspx, N/A>
[E&xport to Microsoft Excel]
<res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>
==================================
Running Processes
[PID: 536][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\igfxsrvc.dll] [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL] [Intel Corporation, 3.0.0.3889]
[PID: 748][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM4d.DLL] [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4d.DLL] [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL] [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL] [CANON INC., 1.62.2.2]
[PID: 1636][C:\WINDOWS\system32\msdtc.exe] [Microsoft Corporation, 2001.12.4414.258]
[PID: 1708][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe] [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll] [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll] [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll] [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll] [Diskeeper® Corporation., 1.0.37.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll] [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS] [New Boundary Technologies, Inc., 6.0.3.30]
[PID: 1776][C:\WINDOWS\system32\locator.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1860][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CNQU86.DLL] [CANON INC., 1, 0, 2, 3]
[C:\WINDOWS\system32\CNQL3203.DLL] [, 1, 0, 0, 5]
[PID: 1916][C:\WINDOWS\system32\Tablet.exe] [Wacom Technology, Corp., 4.91-2]
[PID: 448][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[PID: 812][C:\WINDOWS\zHotkey.exe] [, 3, 0, 0, 7]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[PID: 1144][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.3]
[PID: 824][C:\Program Files\iTunes\iTunesHelper.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 1736][C:\WINDOWS\SOUNDMAN.EXE] [Realtek Semiconductor Corp., 1, 0, 0, 17]
[PID: 1524][C:\WINDOWS\ALCWZRD.EXE] [RealTek Semicoductor Corp., 1.1.0.23]
[PID: 2076][C:\PROGRA~1\SecCopy\SecCopy.exe] [Centered Systems, 7.0.0.163]
[PID: 2092][C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe] [Jay Elaraj, 2.0.0.164]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll] [, 2.0.0.469]
[PID: 2100][C:\Program Files\GPSoftware\Directory Opus\dopus.exe] [GP Software, 2, 0, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopusbch.dll] [Jan van den Baard, modifications (with permission) by GP Software, 6, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\exif.dll] [GP Software, 1, 0, 0, 6]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll] [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll] [N/A, N/A]
[C:\WINDOWS\system32\amstream.dll] [N/A, N/A]
[C:\WINDOWS\system32\quartz.dll] [N/A, N/A]
[C:\WINDOWS\system32\devenum.dll] [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll] [N/A, N/A]
[C:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll] [Gabest, 1, 0, 0, 9]
[C:\Program Files\K-Lite Codec Pack\filters\3ivxDSMediaSplitter.ax] [3ivx.com, 4, 5, 1, 30]
[C:\WINDOWS\system32\OpenQuicktimeLib.dll] [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcspmpeg.ax] [MainConcept AG, 1, 0, 1, 3]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mpegin.dll] [MainConcept AG, official release build]
[C:\WINDOWS\system32\mpg2splt.ax] [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcdsmpeg.ax] [MainConcept AG, 1, 0, 0, 73]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcmpgdec.dll] [MainConcept AG, official release build]
[C:\WINDOWS\system32\dxmasf.dll] [N/A, N/A]
[C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax] [Ahead Software AG, 2, 0, 1, 0]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll] [Ahead Software AG, 1,0,13, 2121]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\jp2raw.dll] [http://www.PretentiousName.com, 1, 1, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\movie.dll] [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\wma.dll] [GP Software, 1, 0, 0, 3]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\textthumb.dll] [http://www.PretentiousName.com, 1, 2, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\gifanim.dll] [http://www.PretentiousName.com, 1, 1, 0, 8]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\ogg.dll] [http://www.gpsoft.com.au, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\targa.dll] [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\text.dll] [GP Software, 1, 0, 0, 12]
[PID: 2108][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2184][C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe] [Extensis Products Group, 9.2]
[C:\Program Files\Extensis\Suitcase 9.2\EToolBox.dll] [Extensis, Inc., 1.0.6]
[C:\Program Files\Extensis\Suitcase 9.2\slp.dll] [N/A, N/A]
[C:\Program Files\Extensis\Suitcase 9.2\SCAfmSup.dll] [Extensis Products Group, 1, 0, 0, 1]
[C:\Program Files\Extensis\Suitcase 9.2\SCAtmSup.dll] [Extensis Products Group, 1, 0, 0, 1]
[C:\WINDOWS\system32\ATMLIB.dll] [Adobe Systems, 5.1 Build 226]
[PID: 2196][C:\WINDOWS\system32\WTablet\TabUserW.exe] [Wacom Technology, Corp., 4.91-2]
[PID: 2208][C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll] [Google, 4.2006.1008.2039]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[PID: 2220][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2420][C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, N/A]
[C:\WINDOWS\system32\icm32.dll] [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[PID: 2452][C:\Program Files\iPod\bin\iPodService.exe] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL] [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL] [Apple Computer, Inc., 7.0.2.16]
[PID: 820][C:\Program Files\Microsoft Office\Office10\WINWORD.EXE] [Microsoft Corporation, 10.0.2627]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopOffice.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddin.dll] [TechSmith Corporation, 1.1.0]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddinRes.dll] [TechSmith Corporation, 1.1.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL] [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL] [CANON INC., 1.62.2.2]
[PID: 184][C:\Documents and Settings\Owner\Desktop\gmer.exe] [N/A, 1, 0, 12, 12011]
[C:\WINDOWS\gmer.dll] [N/A, 1, 0, 12, 12011]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[PID: 3652][C:\WINDOWS\explorer.exe] [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll] [, 2.0.0.469]
[C:\Program Files\SmartFTP\smarthook.dll] [SmartFTP, 1.0.2.1]
[C:\Program Files\WinSCP3\DragExt.dll] [Martin Prikryl, 1.1.5.67]
[C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll] [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll] [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll] [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll] [N/A, N/A]
[C:\Program Files\TextPad 4\System\shellext.dll] [Helios Software Solutions, 1.4]
[C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll] [TechSmith Corporation, 1.0.2.0]
[C:\Program Files\eFax Messenger 4.0\J2GShell.dll] [j2 Global Communications, Inc., 4.0.134.0]
[C:\Program Files\eFax Messenger 4.0\J2GRes_Enu.dll] [j2 Global Communications, Inc., 4.0.134.0]
[PID: 3280][C:\Program Files\Windows NT\Accessories\wordpad.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL] [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL] [CANON INC., 1.62.2.2]
[PID: 500][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll] [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL] [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll] [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, N/A]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, N/A]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll] [Mozilla Foundation, 1.62]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\components\ColorZilla.dll] [N/A, N/A]
[C:\Program Files\Mozilla Firefox\plugins\npmozax.dll] [, 1, 0, 0, 4]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll] [N/A, N/A]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll] [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll] [N/A, N/A]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBNS.DLL] [Creative Technology Ltd, 1.00.13]
[C:\Program Files\Dell\Dell DJ Explorer\CTIntrfc.dll] [Creative Technology Ltd, 1.1.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\DFMHK.dll] [Creative Technology Ltd, 1.0.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBRES.DLL] [Creative Technology Ltd, 1.00.11]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 7.0.0.0]
[PID: 3100][C:\Documents and Settings\Owner\Desktop\SREng.EXE] [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll] [GP Software, 2, 0, 60, 0]
==================================
File Associations
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock Provider
N/A
==================================
Autorun.Inf
N/A
==================================
HOSTS File
127.0.0.1 localhost
==================================
API HOOK
N/A
==================================
Post by: guestolo on January 09, 2007, 01:16:12 AM
==Download AVG Anti-Spyware 7.5 (http://\"http://www.ewido.net/en/download/\")
- Save the installer to desktop
- Double click the installer, select your language, and then select "OK"
- Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
- AVG will now install and afterwards click FINISH
- AVG Anti-Spyware 7.5 should now Load
- Click the Update tab at the top. Under Manual Update click Start update.
- After the update finishes (the status bar at the bottom will display "Update successful")
- Click on the Scanner tab at the top
- Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and
"Only if Threats are found" IS NOT selected
Download [color=\"red\"]SDFix[/color] (http://\"http://downloads.andymanchesta.com/RemovalTools/SDFix.exe\") and save it to your Desktop.
Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later
Download [color=\"#FF0000\"]The Avenger.zip[/color] (http://\"http://swandog46.geekstogo.com/avenger.zip\") by Swandog46 to your Desktop.
* Click on Avenger.zip to open the file
* Extract avenger.exe to your desktop
We'll need this shortly
Print the rest of these instructions, it's important, as much of the instructions will be done without any browser windows open and in also safe mode
LOG OFF any other users on the computer except for yourself
Copy ALL the text contained in [color=\"#0000FF\"]blue[/color] below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
=============================================================
[color=\"#0000FF\"]
Drivers to unload:
agony[/color]
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the [color=\"#00FF00\"]Green Light[/color] to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Since the script includes "Drivers to unload:"
Your computer will actually reboot twice
Back in Windows
Remain offline, don't open any browser windows
Please then reboot your computer in Safe Mode by doing the following :
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, the Advanced Options Menu should appear;
- Select the first option, to run Windows in Safe Mode, then press Enter.
- Choose your usual account.
- Click on the Scanner tab at the top
- Cick on Complete System Scan.
This scan can take a while to run, let it run uninterrupted
- When the scan is complete it will list any infections found on the left hand side.
- Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
- Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
SDFix
- Open the extracted SDFix folder and double click RunThis.bat to start the script.
- Type Y to begin the cleanup process.
- It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
- Press any Key and it will restart the PC.
- When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
- Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Even if it takes more than one reply to do so
1. Post a fresh hijackthis log
2. Post the whole report from AVG antispyware
3. Post the "Report.txt" from SDFix
4. Post the log from Avenger>>C:\Avenger.txt
Could you also do the following
AVG and SDFix should of taken care of some files>folders
But can I have you run another scan with GMER rootkit scan please
Before you run the scan, can you open your TaskManager and End Process on "thunderbird.exe"
It seemed to make the last log huge
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Ending it's process may help out....
Post by: bradfitz on January 09, 2007, 12:39:07 PM
I just followed all of the above instructions and I will post all requested log files below in separate posts.
Here is my fresh hijackthis log:
Logfile of HijackThis v1.99.1
Scan saved at 12:37:46 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm (http://\"http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg (http://\"http://thesecret.tv/movie/player/vivid_ocx.jpeg\")
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (http://\"http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab\")
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Post by: bradfitz on January 09, 2007, 12:40:06 PM
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 12:00:01 PM 1/9/2007
+ Scan result:
C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048587.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048588.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\My Downloads 3\registry clean up and tune up tools\RegDoctor v1.63\RegDoctor_keygen.exe -> Logger.Perfloger.o : Cleaned with backup (quarantined).
K:\My Stuff\Software\Huge Video Editing Software Collection\DVD.Lab.1.00.Pro.rar/DVD.Lab.1.00.Pro\Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0064338.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winsecurityxp\rk.exe -> Rootkit.Agony : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.605:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.704:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.697:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.698:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.699:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.700:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.701:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.702:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.703:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048586.exe -> Worm.VB.an : Cleaned with backup (quarantined).
K:\My Stuff\Software\Ace Utilities 3.0.0.4038.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).
::Report end
Post by: bradfitz on January 09, 2007, 12:41:08 PM
SDFix: Version 1.57
Tue 01/09/2007 - 12:07:10.04
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\DOCUME~1\Owner\Desktop\SDFix
Safe Mode
Service Check:
Service Name:
File Path:
Starting Registry Repairs
Restoring Default Hosts File...
Stage One Complete
Rebooting...
Stage Two - Normal Mode
Checking Files:
--------------
C:\WINDOWS\system32\winsecurityxp\mswinup.exe
Removing any Files Found...
Alternate Stream Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Enabled:BearShare"
"C:\\Program Files\\SmartFTP\\SmartFTP.exe"="C:\\Program Files\\SmartFTP\\SmartFTP.exe:*:Enabled:SmartFTP Client"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"%SystemDir%\\winsecurityxp\\mswinup.exe"="%SystemDir%\\winsecurityxp\\mswinup.exe:*:Enabled:Internet Explorer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe:*:Enabled:AOL"
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe:*:Enabled:AOL"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Owner\Desktop\SDFix\backups\backups.zip
Remaining files with hidden attributes:
C:\NTDETECT.COM
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\Favorites\Business\The Quicken.com Channel\desktop.ini
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\dvd.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\happytee.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\love.happytreefriends.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\minibytes.mondominishows.com\eye\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Clients\ActiveEdge\Active Edge_old_stuff\_FilesFromAE\HappyTreeFriends\spike.mondominishows.com\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\Inspiration\CARTOONS\Political\Ann Telnaes\www.anntelnaes.com\images\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\My Illustration\BlackRaiders.com\finals\Thumbs.db
C:\Documents and Settings\Owner\My Documents\My Work\My Illustration\Portfolios.com\Thumbs.db
C:\Documents and Settings\Owner\NetHood\bradfitzpatrick.com\Desktop.ini
C:\Program Files\Picasa2\setup.exe
C:\WINDOWS\system32\cdplayer.exe.manifest
C:\WINDOWS\system32\logonui.exe.manifest
C:\hiberfil.sys
C:\IO.SYS
C:\MSDOS.SYS
C:\pagefile.sys
C:\WINDOWS\SMINST\HPCD.sys
Finished
Post by: bradfitz on January 09, 2007, 12:42:47 PM
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bllbjfua
*******************
Script file located at: \??\C:\Program Files\aafbqlrj.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Driver agony unloaded successfully.
Completed script processing.
*******************
Finished! Terminate.
Post by: bradfitz on January 09, 2007, 12:43:55 PM
GMER 1.0.12.12011 - http://www.gmer.net (http://\"http://www.gmer.net\")
Rootkit scan 2007-01-09 12:35:41
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
---- Registry - GMER 1.0.12 ----
Reg \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265
204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b00
4
d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736
f
6674204e6574776f726b00020022004200825c5c4266776f726b004d6963726f736f6674204e6574
7
76f726b0002000000] 0x01 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265
204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b00
4
d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736
f
6674204e6574776f726b0002000000] 0x01 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265
204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b00
4
d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736
f
6674204e6574776f726b00020032004200c25c5c436f736d6f004d6963726f736f6674204e657477
6
f726b00427261642773205461626c65742050430002000000] 0x01 0x00 0x00 0x00 ...
Reg \Registry\USER\S-1-5-21-2194748585-1584497749-360572042-1003\Software\GPSoftware\Directory Opus\Paths\Formats\System@[+000214001f58602c8d20ea3a6910a2d708002b30309d1400470002456e74697265
204e6574776f726b0033004600824d6963726f736f66742057696e646f7773204e6574776f726b00
4
d6963726f736f6674204e6574776f726b00020022004100824669747a686f6d65004d6963726f736
f
6674204e6574776f726b00020021004200825c5c436f736d6f004d6963726f736f6674204e657477
6
f726b0002000000] 0x04 0x00 0x00 0x00 ...
---- Files - GMER 1.0.12 ----
File C:\Documents and Settings\Owner\Application Data\Macromedia\Dreamweaver 8\Configuration\SiteCache\If the Shoe FITZ..\dwSiteColumnsMe.xml
File C:\Documents and Settings\Owner\Application Data\Macromedia\Dreamweaver MX\Configuration\SiteCache\If the Shoe FITZ..\dwSiteColumnsMe.xml
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\Cade&Mom_004.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_01.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_02.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_03.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_04.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_05.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_hot_trunks_01.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\caden_siena_sasha_sweaters_.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\cheesman_scary.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\deer_01.jpg:Roxio EMC Stream
ADS C:\Documents and Settings\Owner\Desktop\SOME PICS\deer_02.jpg:Roxio EMC Stream
ADS ...
---- EOF - GMER 1.0.12 ----
Post by: bradfitz on January 11, 2007, 09:50:00 AM
Thank You!
Post by: guestolo on January 11, 2007, 08:32:34 PM
Can you do the following still please
Do a "System scan only" with Hijackthis and put a check next to these entries:
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Copy ALL the text contained in [color=\"#0000FF\"]blue[/color] below to your Clipboard by highlighting it and pressing the (Ctrl+C) on your keyboard,
=============================================================
[color=\"#0000FF\"]
Folders to delete:
C:\WINDOWS\system32\winsecurityxp
Registry values to delete:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List | %SystemDir%\\winsecurityxp\\mswinup.exe
[/color]
==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt
* Under "Script file to execute" choose "Input Script Manually".
* Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
* Paste the text copied to clipboard into this window by pressing (Ctrl+V).
* Click Done
* Now click on the [color=\"#00FF00\"]Green Light[/color] to begin execution of the script
* Answer "Yes" twice when prompted.
Avenger should now Reboot your computer
Back in Windows
Can I see the new log from Avenger please>>C:\Avenger.txt along with a fresh hijackthis log
Let me know how things are running please
Also, I see know AntiVirus software installed on this computer
Do you have your own to install or do you need a free solution?
It's not safe being without the proper protection online!
Post by: bradfitz on January 15, 2007, 05:23:44 PM
I do not have antivirus installed because I was under the impression that since I was behind a router, I was not at risk... guess I was wrong. I do not have an anti virus program currently and would like your best suggestions on what I should get. Free would of course be nice but I'm willing to pay if it means better protection certainly.
Thank You!
Here is my new avenger log file:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qahedryb
*******************
Script file located at: \??\C:\WINDOWS\kkcecyhi.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Folder C:\WINDOWS\system32\winsecurityxp deleted successfully.
Could not delete registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe
Deletion of registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe failed!
Could not process line:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List|%SystemDir%\\winsecurityxp\\mswinup.exe
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Post by: guestolo on January 17, 2007, 08:11:43 PM
YES, you definitely need an AntiVirus software protections on your computer
Can you do the following please
Let's manually remove that entry from the registry please
Go to START>>RUN>>copy and paste the next command below in bold to the open field
regedit /e c:\registrybackup.reg
Hit OK
Let this finish, this will make a backup of the registry to the C: folder
Go to START>>RUN>>type in regedit
Hit OK
We're looking for this registry key in bold below
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\
AuthorizedApplications\List
Expand(+) on the following
+HKEY_LOCAL_MACHINE
+SYSTEM
+CurrentControlSet
+Services
+SharedAccess
+Parameters
+FirewallPolicy
+StandardProfile+
+AuthorizedApplications
Highlight List
Look on the right hand side for the following entry
C:\WINDOWS\system32\winsecurityxp\mswinup.exe
RIGHT CLICK on ONLY that above entry and select DELETE
Exit the registry
Go to the following link
http://www.thetechguide.com/forum/index.php?showtopic=15894 (http://\"http://www.thetechguide.com/forum/index.php?showtopic=15894\")
At the top of the post are recommendations for free AV's
ONLY install one, they all have a free version
After installed, ensure it is updated, run a full system scan letting it clean any infected files
Reboot the computer afterwards
Post back a fresh hijackthis log and let me know how things are running please
Post by: bradfitz on January 22, 2007, 11:50:11 AM
Are there any further actions I need to take on this problem?
Thank You!
Post by: guestolo on January 29, 2007, 11:18:27 PM
Quote
Are there any further actions I need to take on this problem?Yes, let's ensure your log is clean, I asked this in my last post to you
Quote
Post back a fresh hijackthis log and let me know how things are running please
If you can still post the fresh hijackthis log that would be great, let me know how things are going also!
Post by: bradfitz on January 30, 2007, 09:16:24 PM
Logfile of HijackThis v1.99.1
Scan saved at 9:14:13 PM, on 1/30/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Macromedia\Flash MX 2004\Flash.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\DOCUME~1\Owner\LOCALS~1\Temp\~e5d141.tmp
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm (http://\"http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg (http://\"http://thesecret.tv/movie/player/vivid_ocx.jpeg\")
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (http://\"http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab\")
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
Post by: guestolo on January 31, 2007, 11:11:00 PM
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
After you have ticked the above entries, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
Reboot the computer
What do you use for AntiVirus software???
Do you have your own to install or do you need a free solution?
It's not safe being online without proper protection!!!
PLEASE, take the time to download your OWN free AV and update it and run a Complete scan
Let it fix whatever it finds, reboot afterwards and post a fresh hijackthis log
ONLY use one AV please
Links found [color=\"#0000FF\"]HERE[/color] (http://\"http://www.thetechguide.com/forum/index.php?showtopic=15894\")
Post by: bradfitz on February 01, 2007, 02:09:30 PM
I installed AVG's anti-virus agent, thanks for the recommendation.
Do I also need a firewall if I'm behind a router?
Thank You.
+++++++++++++
Logfile of HijackThis v1.99.1
Scan saved at 2:05:29 PM, on 2/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm (http://\"http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com (http://\"http://www.gatewaybiz.com\")
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx (http://\"http://favorites.live.com/quickadd.aspx\")
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg (http://\"http://thesecret.tv/movie/player/vivid_ocx.jpeg\")
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab (http://\"http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab\")
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
++++++++++
Post by: guestolo on February 04, 2007, 11:37:41 AM
Quote
Do I also need a firewall if I'm behind a router?
A Nat router will filter incoming traffic, so you don't necessarily need a software Firewall
But a good firewall will also filter outgoing traffic
So it's totally up to you
Post by: bradfitz on February 04, 2007, 12:57:28 PM
Post by: guestolo on February 04, 2007, 01:33:24 PM
Go to START>>All Programs>>Accessories>>System Tools>>System Restore
Create a New restore point
Give it a name and click Create
When that's done
Go to START>>RUN>>type the following
cleanmgr
Hit OK
Let if finish calculating
Select the More Options tab
and click Cleanup.. under 'System Restore'
This will clear all later restore points except for the one you just made
Ok the prompts, it may take a few seconds to remove old restore points
Ok again after it's ready and let it finish cleaning
You should give your computer a bit more protection
Install
SpywareBlaster 3.5.1 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
- *Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After updating, select "Protection" on the Left
Then select "Enable all Protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"
You can go ahead and remove the following
Manually delete
Files:
C:/Avenger.txt
Avenger.zip
Avenger.exe
Gmer.zip
Gmer.exe
sreng2.zip
sreng.exe
SdFix.exe
Navigate to C:\Windows\gmer_uninstall.cmd
Double click on gmer_uninstall.cmd>>press any key to continue when prompted
Then manually delete
C:\Windows\gmer_uninstall.cmd <-file
C:\Windows\gmer.ini <-file
You can also delete that registry backup file we created earlier
Right click on
c:\registrybackup.reg <-this file and choose Delete
Folders:
C:\Avenger
C:\SDFix
If you want to remove Hijackthis, remove it from Add/remove programs then manually delete it's folder
I hope that helps
P.S. Be careful what you download from sites and filesharing programs
Have the files scanned first with AVG AntiVirus before opening them
Post by: bradfitz on February 13, 2007, 11:08:49 PM
Thank You!
Post by: guestolo on February 13, 2007, 11:26:34 PM
Take care bradfitz
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />