Author Topic: I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.  (Read 3875 times)

bradfitz
« on: January 01, 2007, 02:46:17 PM »
Here is my HijackThis Log...

Thanks in advance.

---begin log----

Logfile of HijackThis v1.99.1
Scan saved at 2:45:40 PM, on 1/1/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\AOL\1140813571\ee\AOLSoftware.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\zHotkey.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1140813571\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [IPHSend] C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [ScreenPrint32] C:\Program Files\ScreenPrint32 v3\ScreenPrint32.exe -startup
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Mixersel] C:\Program Files\Realtek\InstallShield\mixersel.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Democracy Player] C:\Program Files\Participatory Culture Foundation\Democracy Player\Democracy.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

guestolo
« Reply #1 on: January 01, 2007, 05:59:25 PM »
Download this file - Combofix.exe and save it to your desktop
Double click combofix.exe & follow the prompts.
When finished, it shall produce a log for you. Post the log please
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Post the log from Combofix

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


bradfitz
« Reply #2 on: January 01, 2007, 10:30:52 PM »
Hi guestolo, thanks for the quick reply. Below is the log file from my Combofix scan:

----

Owner - 07-01-01 22:27:10.47    Service Pack 2
ComboFix 06.11.27 - Running from: "C:\Documents and Settings\Owner\Desktop"

((((((((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
 

C:\Program Files\winupdates

 
(((((((((((((((((((((((((((((((   Files Created from 2006-12-01 to 2007-01-01  ))))))))))))))))))))))))))))))))))
 
 
2007-01-01   15:37   <DIR>   d--------   C:\Program Files\Ashampoo
2007-01-01   15:31   19,584   --a------   C:\Documents and Settings\Owner\agony.sys
2007-01-01   15:29   19,584   --a------   C:\WINDOWS\system32\agony.sys
2007-01-01   15:11   <DIR>   d--------   C:\Program Files\Ace Utilities
2006-12-30   08:37   <DIR>   d--------   C:\Program Files\Windows Media Connect 2
2006-12-30   08:33   <DIR>   d--------   C:\WINDOWS\system32\drivers\UMDF
2006-12-20   09:07   <DIR>   d--------   C:\Documents and Settings\Owner\Application Data\PCF-VLC


((((((((((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 21:16   --------   d--------   C:\Program Files\Mozilla Thunderbird
2007-01-01 17:55   --------   d--------   C:\Program Files\Mozilla Firefox
2007-01-01 16:20   --------   d--------   C:\Program Files\Registry Mechanic
2007-01-01 16:11   --------   d--h-----   C:\Program Files\InstallShield Installation Information
2007-01-01 16:11   --------   d--------   C:\Program Files\Common Files\Ulead Systems
2007-01-01 15:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\Azureus
2007-01-01 15:10   --------   d--------   C:\Documents and Settings\Owner\Application Data\Skype
2007-01-01 14:56   --------   d--------   C:\Program Files\Winamp
2007-01-01 14:54   --------   d--------   C:\Program Files\FontExplorerL.M
2006-12-30 14:56   --------   d--------   C:\Documents and Settings\Owner\Application Data\Macromedia
2006-12-30 11:53   --------   d--------   C:\Program Files\Windows Media Player
2006-12-28 19:50   --------   d--------   C:\Documents and Settings\Owner\Application Data\Canon
2006-12-20 14:13   --------   d--------   C:\Program Files\Instant PopOVER V2.0
2006-12-20 09:13   --------   d--------   C:\Program Files\ScreenPrint32 v3
2006-12-20 09:10   --------   d--------   C:\Program Files\GrabIt
2006-12-15 11:50   --------   d--------   C:\Program Files\Internet Explorer
2006-12-07 09:09   --------   d--------   C:\Documents and Settings\Owner\Application Data\.gaim
2006-12-02 09:24   --------   d--------   C:\Program Files\Azureus
2006-11-29 20:27   --------   d--------   C:\Documents and Settings\Owner\Application Data\Publish Providers
2006-11-25 01:29   --------   d--------   C:\Program Files\Common Files
2006-11-25 01:29   --------   d--------   C:\Documents and Settings\Owner\Application Data\COWON
2006-11-24 23:02   --------   d--------   C:\Documents and Settings\Owner\Application Data\Snapfish
2006-11-21 13:20   --------   d--------   C:\Program Files\Common Files\Adobe
2006-11-21 09:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\AdobeAUM
2006-11-21 09:57   --------   d--------   C:\Documents and Settings\Owner\Application Data\Adobe
2006-11-21 09:53   --------   d--------   C:\Program Files\Adobe
2006-11-11 07:47   --------   d--------   C:\Program Files\iTunes
2006-11-11 07:46   --------   d--------   C:\Program Files\QuickTime
2006-11-11 07:46   --------   d--------   C:\Program Files\iPod
2006-11-07 16:29   --------   d--------   C:\Program Files\Gaim
2006-11-07 16:29   --------   d--------   C:\Program Files\Common Files\GTK
2006-11-04 14:14   1245696   --a------   C:\WINDOWS\system32\msxml4.dll
2006-10-31 09:35   73728   --a------   C:\WINDOWS\ALCFDRTM.EXE
2006-10-30 15:25   73216   --a------   C:\WINDOWS\ST6UNST.EXE
2006-10-30 15:25   249856   ---------   C:\WINDOWS\Setup1.exe
2006-10-19 08:56   713216   --a------   C:\WINDOWS\system32\sxs.dll
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\wdfmgr.exe
2006-10-18 21:58   8704   --a------   C:\WINDOWS\system32\uwdf.exe
2006-10-18 21:47   99840   --a------   C:\WINDOWS\system32\wmpshell.dll
2006-10-18 21:47   991744   --a------   C:\WINDOWS\system32\drmv2clt.dll
2006-10-18 21:47   937984   --a------   C:\WINDOWS\system32\wmnetmgr.dll
2006-10-18 21:47   8231936   --a------   C:\WINDOWS\system32\wmploc.dll
2006-10-18 21:47   767488   ---------   C:\WINDOWS\system32\WMVSENCD.dll
2006-10-18 21:47   757248   --a------   C:\WINDOWS\system32\WMADMOD.dll
2006-10-18 21:47   7168   --a------   C:\WINDOWS\system32\asferror.dll
2006-10-18 21:47   656896   ---------   C:\WINDOWS\system32\WMVXENCD.dll
2006-10-18 21:47   63488   --a------   C:\WINDOWS\system32\wpdmtpus.dll
2006-10-18 21:47   629760   --a------   C:\WINDOWS\system32\wpd_ci.dll
2006-10-18 21:47   613376   ---------   C:\WINDOWS\system32\wmpmde.dll
2006-10-18 21:47   603648   --a------   C:\WINDOWS\system32\WMSPDMOD.dll
2006-10-18 21:47   542720   --a------   C:\WINDOWS\system32\blackbox.dll
2006-10-18 21:47   535040   ---------   C:\WINDOWS\system32\wmdrmsdk.dll
2006-10-18 21:47   429056   --a------   C:\WINDOWS\system32\wmdrmdev.dll
2006-10-18 21:47   414208   --a------   C:\WINDOWS\system32\msscp.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmvdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVE.DLL
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\WMVADVD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmoe2.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wmsdmod.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\wdfapi.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MPG4DMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP4SDMOD.dll
2006-10-18 21:47   4096   --a------   C:\WINDOWS\system32\MP43DMOD.dll
2006-10-18 21:47   38400   ---------   C:\WINDOWS\system32\wpdshextres.dll
2006-10-18 21:47   37376   --a------   C:\WINDOWS\system32\wmdmps.dll
2006-10-18 21:47   35840   --a------   C:\WINDOWS\system32\wpdconns.dll
2006-10-18 21:47   356352   --a------   C:\WINDOWS\system32\wpdsp.dll
2006-10-18 21:47   348672   --a------   C:\WINDOWS\system32\wmdrmnet.dll
2006-10-18 21:47   33792   --a------   C:\WINDOWS\system32\wmdmlog.dll
2006-10-18 21:47   321536   --a------   C:\WINDOWS\system32\mswmdm.dll
2006-10-18 21:47   317440   ---------   C:\WINDOWS\system32\MP4SDECD.dll
2006-10-18 21:47   314880   --a------   C:\WINDOWS\system32\wmpdxm.dll
2006-10-18 21:47   295936   ---------   C:\WINDOWS\system32\wmpeffects.dll
2006-10-18 21:47   284160   ---------   C:\WINDOWS\system32\PortableDeviceApi.dll
2006-10-18 21:47   276992   --a------   C:\WINDOWS\system32\audiodev.dll
2006-10-18 21:47   27136   --a------   C:\WINDOWS\system32\mspmsnsv.dll
2006-10-18 21:47   2603008   ---------   C:\WINDOWS\system32\WpdShext.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MPG4DECD.dll
2006-10-18 21:47   259072   ---------   C:\WINDOWS\system32\MP43DECD.dll
2006-10-18 21:47   2450944   --a------   C:\WINDOWS\system32\wmvcore.dll
2006-10-18 21:47   242688   --a------   C:\WINDOWS\system32\wmpasf.dll
2006-10-18 21:47   229376   --a------   C:\WINDOWS\system32\cewmdm.dll
2006-10-18 21:47   227328   --a------   C:\WINDOWS\system32\wmerror.dll
2006-10-18 21:47   222208   --a------   C:\WINDOWS\system32\wmasf.dll
2006-10-18 21:47   212992   ---------   C:\WINDOWS\system32\MFPLAT.dll
2006-10-18 21:47   211456   --a------   C:\WINDOWS\system32\qasf.dll
2006-10-18 21:47   204288   --a------   C:\WINDOWS\system32\wmpsrcwp.dll
2006-10-18 21:47   199168   ---------   C:\WINDOWS\system32\PortableDeviceWMDRM.dll
2006-10-18 21:47   179712   --a------   C:\WINDOWS\system32\msnetobj.dll
2006-10-18 21:47   175616   --a------   C:\WINDOWS\system32\mspmsp.dll
2006-10-18 21:47   166912   ---------   C:\WINDOWS\system32\PortableDeviceTypes.dll
2006-10-18 21:47   1661440   --a------   C:\WINDOWS\system32\wmpencen.dll
2006-10-18 21:47   1574912   ---------   C:\WINDOWS\system32\WMVENCOD.dll
2006-10-18 21:47   157184   --a------   C:\WINDOWS\system32\wmidx.dll
2006-10-18 21:47   154624   --a------   C:\WINDOWS\system32\wpdmtp.dll
2006-10-18 21:47   1543680   ---------   C:\WINDOWS\system32\WMVDECOD.dll
2006-10-18 21:47   1382912   ---------   C:\WINDOWS\system32\WMVSDECD.dll
2006-10-18 21:47   133632   ---------   C:\WINDOWS\system32\WPDShServiceObj.dll
2006-10-18 21:47   1329152   --a------   C:\WINDOWS\system32\WMSPDMOE.dll
2006-10-18 21:47   132096   ---------   C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
2006-10-18 21:47   130048   ---------   C:\WINDOWS\system32\wmpps.dll
2006-10-18 21:47   11264   --a------   C:\WINDOWS\system32\LAPRXY.dll
2006-10-18 21:47   1117696   --a------   C:\WINDOWS\system32\WMADMOE.dll
2006-10-18 21:47   101888   ---------   C:\WINDOWS\system32\PortableDeviceClassExtension.dll
2006-10-18 20:03   100864   --a------   C:\WINDOWS\system32\logagent.exe
2006-10-18 20:00   249856   ---------   C:\WINDOWS\system32\drmupgds.exe
2006-10-18 20:00   17408   ---------   C:\WINDOWS\system32\wpdshextautoplay.exe
2006-10-13 07:35   142336   --a------   C:\WINDOWS\system32\nwprovau.dll
2006-10-02 15:28   312128   ---------   C:\WINDOWS\system32\msdelta.dll
2006-10-02 14:04   806912   --a------   C:\WINDOWS\system32\divx_xx0c.dll
2006-10-02 14:04   806912   --a------   C:\WINDOWS\system32\divx_xx07.dll
2006-10-02 14:04   790528   --a------   C:\WINDOWS\system32\divx_xx11.dll
2006-10-02 14:04   635486   --a------   C:\WINDOWS\system32\DivX.dll
 
 
((((((((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))
 
*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"updateMgr"="\"C:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_7 -reboot 1"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"Second Copy"="\"C:\\PROGRA~1\\SecCopy\\SecCopy.exe\""
"Taskbar Shuffle"="C:\\Program Files\\Taskbar Shuffle\\taskbarshuffle.exe"
"DOpus"="C:\\Program Files\\GPSoftware\\Directory Opus\\dopus.exe"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\not active]
"Democracy Player"="C:\\Program Files\\Participatory Culture Foundation\\Democracy Player\\Democracy.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"Google Desktop Search"="\"C:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe\" /startup"
"KernelFaultCheck"=hex(2):25,73,79,73,74,65,6d,72,6f,6f,74,25,5c,73,79,73,74,\
  65,6d,33,32,5c,64,75,6d,70,72,65,70,20,30,20,2d,6b,00
"ShowWnd"="ShowWnd.exe"
"Recguard"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"CHotkey"="zHotkey.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\not active]
"Alcmtr"="ALCMTR.EXE"
"AlcWzrd"="ALCWZRD.EXE"
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"High Definition Audio Property Page Shortcut"="HDAudPropShortcut.exe"
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"
"IPHSend"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"Mixersel"="C:\\Program Files\\Realtek\\InstallShield\\mixersel.exe"
"Picasa Media Detector"="C:\\Program Files\\Picasa2\\PicasaMediaDetector.exe"
"RemoteControl"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"SoundMan"="SOUNDMAN.EXE"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000004

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,00,01,00,00,00,00,00,00,00,04,00,00,c8,03,00,00,00,\
  00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=dword:40000004
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
  ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
  00,00,01,00,00,00

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}"=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoDrives"=hex:c8,01,00,00

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"WD Button Manager"="WDBtnMgr.exe"
"SetIcon"="\\Program Files\\WDC\\SetIcon.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"iTunesHelper"="\"C:\\Program Files\\iTunes\\iTunesHelper.exe\""
"DiskeeperSystray"="\"C:\\Program Files\\Diskeeper Corporation\\Diskeeper\\DkIcon.exe\""
"HostManager"="C:\\Program Files\\Common Files\\AOL\\1140813571\\ee\\AOLSoftware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cleanup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcappins"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Gateway Extended Warranty]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="GWCares"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msci]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="200583151710_mcinfo"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="UsrPrmpt"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]   
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

 
Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Ace Optimizer Maintenance.job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ISP signup reminder 1.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: 07-01-01 22:29:10.53
C:\ComboFix.txt ... 07-01-01 22:29

guestolo
« Reply #3 on: January 02, 2007, 12:43:01 AM »
Can you ensure that Ad-Aware is updated and run a full system scan
Remove all Criticals
Reboot the computer

Can you navigate to these files please
C:\Documents and Settings\Owner\agony.sys <-file
C:\WINDOWS\system32\agony.sys

Can you right click on them and select properties
Version tab if available
Do you know what they're related to?

If not can you scan them at either of the following links
http://virusscan.jotti.org/
OR
http://www.virustotal.com/flash/index_en.html

Use the browse button and navigate to the file on your hard drive
Right click on the file and choose Select
Then use the Submit button
Let it finish scanning
Could you post the results of the scan back here please


Mod Ryan
« Reply #4 on: January 02, 2007, 12:48:20 AM »
Hi, I would like to inform you that you have a trojan, "W32/agony.exe-1" -
   Trojan-Risk = High

Agony is a newer type of Trojan and was only discovered in December 2006.
Whatever anti-virus you have, do a full system scan as guestolo says and try to delete it. You might also want to do a full system "Ad-Aware scan", just to make sure you do not have any spyware.
« Last Edit: January 03, 2007, 12:36:44 AM by guestolo »













[color=\"gold\"]MM' Member Pin and 900K [/color][color=\"blue\"](Mercer-Javino194)[/color]

[color=\"gold\"]MM' 1.6M And A Member Pin[/color] [color=\"blue\"](Skeptical-Ekke)[/color]

[color=\"gold\"]MM' Mem. Pin[/color] [color=\"blue\"](Ekke-Skeptical)[/color]

[color=\"gold\"]MM' 18M & Level 101[/color] [color=\"blue\"](Skatelife-Tgirl) [/color]

[color=\"gold\"]MM' 1.2M and Mem. Pin[/color] [color=\"blue\"] (Heapswer-TSniper) [/color]

[color=\"gold\"]Transfered 7M and a Mage Book For [/color][color=\"blue\"](I R MEXICAN)[/color]

[color=\"gold\"]MM' 10M & 70USD[/color] [color=\"blue\"](Casanova-Cash_Tyler) [/color]

[color=\"gold\"]MM' Easter Egg & 90USD[/color] [color=\"blue\"](XxAlexxX-Decklin)[/color]

[color=\"gold\"]MM' 3M[/color] [color=\"blue\"](Waqas-Xfer)[/color]

[color=\"gold\"]MM' 14M & Level 100 [/color] [color=\"blue\"](Silent-WBA)[/color]

[color=\"gold\"]MM' 7M & 50 USD[/color] [color=\"blue\"](Casanova-LinPapaz)[/color]

[color=\"gold\"]MM' 22M & 140 USD [/color] [color=\"blue\"] (Casanova-RS Transit)[/color]

[color=\"gold\"]MM' Around 4M [/color] [color=\"blue\"] (F123nzy-Xfer)[/color]

[color=\"gold\"]MM' 2.5M [/color] [color=\"blue\"] (Glower-Warlord Slayer) [/color]

[color=\"gold\"]MM' 50M & Lvl 118 [/color] [color=\"blue\"] (RS transit - Matt) [/color]

[color=\"gold\"]MM' 1M & Lvl 60 [/color] [color=\"blue\"] (Mynameownsall-Sproat) [/color]

[color=\"gold\"]MM' 1M & Account [/color] [color=\"blue\"] (Tsniper-Dannyboy) [/color]

[color=\"gold\"]MM' Mem. Pin & 1M[/color] [color=\"blue\"] (Madhatter-Eddy) [/color]

[color=\"gold\"]MM' Level 110 & 50M[/color] [color=\"blue\"] (SebBoe-Danny) [/color]

[color=\"gold\"]MM' 14M & Lvl 99 Account [/color] [color=\"blue\"] (Heapswer-Matt) [/color]

[color=\"gold\"]MM' 13M & RunePure Account [/color] [color=\"blue\"] (Shot Down-SomeGuy) [/color]

[color=\"gold\"]MM' 2M & $10 [/color] [color=\"blue\"] (J0sh4tran-Right Nad) [/color]

[color=\"gold\"]MM' 8M & $52 [/color] [color=\"blue\"] (J0sh4tran-I0 3) [/color]

[color=\"gold\"]MM' 25M & Level 98 With Amazing Stats [/color] [color=\"blue\"] (I Ho0s S0oH I-Duel King)[/color]

[color=\"gold\"]MM' Level 104 & 17M [/color] [color=\"blue\"] (Basi Homme-WatfordFc94) [/color]

[color=\"gold\"]MM' 5.5M & Lvl 90 [/color] [color=\"blue\"] (II Sift Heads II - X Trainer X) [/color]

[color=\"gold\"]MM 600K & Training Services [/color] [color=\"blue\"] (X Trainer X - Pleasenoscammer) [/color]



[color=\"gold\"] Total Money MM' = 454M ($4120USD) [/color]





[color=\"blue\"] Visit The Most Futuristic BlackMarket To Date! Rune Core JOIN NOW![/color][/u][/size]

Offline bradfitz

« Reply #5 on: January 02, 2007, 01:43:46 PM »
Here is my Ad Aware log of the scan (which I quarantined):

---

Ad-Aware SE Build 1.06r1
Logfile Created on:Tuesday, January 02, 2007 12:58:24 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R142 02.01.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Backdoor.Prorat.16(TAC index:8):18 total references
MRU List(TAC index:0):13 total references
Tracking Cookie(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


1-2-2007 12:58:24 PM - Scan started. (Full System Scan)

 MRU List Object Recognized!
    Location:          : C:\Documents and Settings\Owner\recent
    Description        : list of recently opened documents


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\ahead\nero - burning rom\recent file list
    Description        : list of recently used files in nero burning rom


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\macromedia\dreamweaver 6\recent file list
    Description        : list of recently used files in macromedia dreamweaver


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct3d


 MRU List Object Recognized!
    Location:          : software\microsoft\direct3d\mostrecentapplication
    Description        : most recent application to use microsoft direct X


 MRU List Object Recognized!
    Location:          : software\microsoft\directdraw\mostrecentapplication
    Description        : most recent application to use microsoft directdraw


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\mediaplayer\player\recentfilelist
    Description        : list of recently used files in microsoft windows media player


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\microsoft management console\recent file list
    Description        : list of recent snap-ins used in the microsoft management console


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
    Description        : list of recent programs opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
    Description        : list of recently saved files, stored according to file extension


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows\currentversion\explorer\recentdocs
    Description        : list of recent documents opened


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\microsoft\windows media\wmsdk\general
    Description        : windows media sdk


 MRU List Object Recognized!
    Location:          : S-1-5-21-2194748585-1584497749-360572042-1003\software\winrar\dialogedithistory\extrpath
    Description        : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
    FilePath           : \SystemRoot\System32\
    ProcessID          : 580
    ThreadCreationTime : 1-1-2007 8:33:32 PM
    BasePriority       : Normal


#:2 [csrss.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 652
    ThreadCreationTime : 1-1-2007 8:33:38 PM
    BasePriority       : Normal


#:3 [winlogon.exe]
    FilePath           : \??\C:\WINDOWS\system32\
    ProcessID          : 676
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : High


#:4 [services.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 720
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Services and Controller app
    InternalName       : services.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : services.exe

#:5 [lsass.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 732
    ThreadCreationTime : 1-1-2007 8:33:40 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : LSA Shell (Export Version)
    InternalName       : lsass.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : lsass.exe

#:6 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 884
    ThreadCreationTime : 1-1-2007 8:33:41 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:7 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1000
    ThreadCreationTime : 1-1-2007 8:33:44 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:8 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1092
    ThreadCreationTime : 1-1-2007 8:33:44 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:9 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1192
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:10 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1340
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:11 [spoolsv.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1464
    ThreadCreationTime : 1-1-2007 8:33:46 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
    ProductVersion     : 5.1.2600.2696
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Spooler SubSystem App
    InternalName       : spoolsv.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : spoolsv.exe

#:12 [explorer.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1716
    ThreadCreationTime : 1-1-2007 8:33:50 PM
    BasePriority       : Normal
    FileVersion        : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 6.00.2900.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Windows Explorer
    InternalName       : explorer
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : EXPLORER.EXE

#:13 [msdtc.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1848
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 2001.12.4414.258
    ProductVersion     : 03.01.00.4414
    ProductName        : Microsoft Distributed Transaction Coordinator
    CompanyName        : Microsoft Corporation
    FileDescription    : MS DTC console program
    InternalName       : MSDTC.EXE
    LegalCopyright     : Copyright © Microsoft Corp. 1995-1998
    LegalTrademarks    : Microsoft® is a registered trademark of Microsoft Corporation. Windows(tm) is a trademark of Microsoft Corporation

#:14 [dkservice.exe]
    FilePath           : C:\Program Files\Diskeeper Corporation\Diskeeper\
    ProcessID          : 1920
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 10.0.608.0
    ProductVersion     : 10.0.608.0
    ProductName        : Diskeeper (tm) Disk Defragmenter
    CompanyName        : Diskeeper Corporation
    FileDescription    : DKSERVICE.EXE
    InternalName       : DKSERVICE
    LegalCopyright     : © 1995-2006 Diskeeper Corporation
    OriginalFilename   : DKSERVICE

#:15 [prismxl.sys]
    FilePath           : C:\Program Files\Common Files\New Boundary\PrismXL\
    ProcessID          : 1960
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 6.0.3.30
    ProductVersion     : 6.0.3.30
    ProductName        : PrismXL Software Family
    CompanyName        : New Boundary Technologies, Inc.
    FileDescription    : PrismXL Service
    InternalName       : PrismXL Service
    LegalCopyright     : © 1997-2004 New Boundary Technologies
    OriginalFilename   : PrismXL.sys

#:16 [locator.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1996
    ThreadCreationTime : 1-1-2007 8:33:54 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Rpc Locator
    InternalName       : locator.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : locator.exe

#:17 [svchost.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 148
    ThreadCreationTime : 1-1-2007 8:33:55 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:18 [tablet.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 208
    ThreadCreationTime : 1-1-2007 8:33:55 PM
    BasePriority       : High


#:19 [alg.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 1084
    ThreadCreationTime : 1-1-2007 8:34:03 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Application Layer Gateway Service
    InternalName       : ALG.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : ALG.exe

#:20 [svchost.exe]
    FilePath           : C:\WINDOWS\System32\
    ProcessID          : 784
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Generic Host Process for Win32 Services
    InternalName       : svchost.exe
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : svchost.exe

#:21 [googledesktop.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 192
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:22 [aolsoftware.exe]
    FilePath           : C:\Program Files\Common Files\AOL\1140813571\ee\
    ProcessID          : 1792
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 1.4.16.3
    ProductVersion     : 1.4.16.3
    ProductName        : AOL Service Libraries
    CompanyName        : America Online, Inc.
    FileDescription    : AOL
    InternalName       : AOLSoftware
    LegalCopyright     : © 2006 America Online, Inc.
    OriginalFilename   : AOLSoftware.exe

#:23 [viewmgr.exe]
    FilePath           : C:\Program Files\Viewpoint\Viewpoint Manager\
    ProcessID          : 936
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 42
    ProductVersion     : 2, 0, 0, 42
    ProductName        : Viewpoint Manager
    CompanyName        : Viewpoint Corporation
    FileDescription    : ViewMgr
    InternalName       : Viewpoint Manager
    LegalCopyright     : Copyright © 2004
    OriginalFilename   : ViewMgr.exe
    Comments           : Viewpoint Manager

#:24 [picasamediadetector.exe]
    FilePath           : C:\Program Files\Picasa2\
    ProcessID          : 1044
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 2.5.0
    ProductVersion     : 2.5.0
    ProductName        : Picasa
    CompanyName        : Google Inc.
    FileDescription    : Picasa
    InternalName       : Picasa
    LegalCopyright     : © 2004- 2006 Google Inc.
    OriginalFilename   : Picasa2.exe

#:25 [shwiconem.exe]
    FilePath           : C:\Program Files\Digital Media Reader\
    ProcessID          : 964
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Idle
    FileVersion        : 1, 4, 0, 8
    ProductVersion     : 1, 4, 0, 8
    ProductName        : Multimedia Card Reader
    CompanyName        : Alcor Micro, Corp.
    LegalCopyright     : Copyright c 2002
    Comments           : Alcor 9360 4/4.5 Slot XP

#:26 [soundman.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 968
    ThreadCreationTime : 1-1-2007 8:34:04 PM
    BasePriority       : Normal
    FileVersion        : 1, 0, 0, 14
    ProductVersion     : 1, 0, 0, 14
    ProductName        : Realtek HD Sound Manager
    CompanyName        : Realtek Semiconductor Corp.
    FileDescription    : Realtek Sound Manager
    InternalName       : ALSMTray
    LegalCopyright     : Copyright © 2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALSMTray.exe
    Comments           : Realtek HD Audio Sound Manager

#:27 [pdvdserv.exe]
    FilePath           : C:\Program Files\CyberLink\PowerDVD\
    ProcessID          : 1208
    ThreadCreationTime : 1-1-2007 8:34:05 PM
    BasePriority       : Normal
    FileVersion        : 5.00.0000
    ProductVersion     : 5.00.0000
    ProductName        : PowerDVD
    CompanyName        : Cyberlink Corp.
    FileDescription    : PowerDVD RC Service
    InternalName       : PowerDVD RC Service
    LegalCopyright     : Copyright © CyberLink Corp. 1997-2002
    OriginalFilename   : PDVDSERV.EXE

#:28 [zhotkey.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1396
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 3, 0, 0, 7
    ProductVersion     : 3, 0, 0, 0
    ProductName        : Multimedia Keyboard Driver
    FileDescription    : Multimedia Keyboard Driver
    InternalName       : Multimedia Hotkey Driver
    LegalCopyright     : Copyright © 2004.
    OriginalFilename   : mHotkey.res

#:29 [alcwzrd.exe]
    FilePath           : C:\WINDOWS\
    ProcessID          : 1556
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 1.1.0.15
    ProductVersion     : 1.1.0.15
    ProductName        : ALCWZRD
    CompanyName        : RealTek Semicoductor Corp.
    FileDescription    : RealTek AlcWzrd Application
    InternalName       : ALCWZRD.EXE
    LegalCopyright     : Copyright © 2003-2004 Realtek Semiconductor Corp.
    OriginalFilename   : ALCWZRD.EXE

#:30 [qttask.exe]
    FilePath           : C:\Program Files\QuickTime\
    ProcessID          : 1660
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.1.3
    ProductVersion     : QuickTime 7.1.3
    ProductName        : QuickTime
    CompanyName        : Apple Computer, Inc.
    FileDescription    : QuickTime Task
    InternalName       : QuickTime Task
    LegalCopyright     : Copyright Apple Computer, Inc. 1989-2006
    OriginalFilename   : QTTask.exe

#:31 [ituneshelper.exe]
    FilePath           : C:\Program Files\iTunes\
    ProcessID          : 1664
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.0.2.16
    ProductVersion     : 7.0.2.16
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iTunesHelper Module
    InternalName       : iTunesHelper
    LegalCopyright     : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iTunesHelper.exe

#:32 [googledesktopindex.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 1700
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:33 [seccopy.exe]
    FilePath           : C:\PROGRA~1\SecCopy\
    ProcessID          : 844
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 7.0.0.163
    ProductVersion     : 7.0
    ProductName        : Second Copy
    CompanyName        : Centered Systems
    FileDescription    : SecCopy
    InternalName       : SecCopy
    LegalCopyright     : © 1991-2006 All rights reserved
    LegalTrademarks    : Second Copy ®
    OriginalFilename   : SecCopy.exe

#:34 [taskbarshuffle.exe]
    FilePath           : C:\Program Files\Taskbar Shuffle\
    ProcessID          : 1804
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 2.0.0.164
    ProductVersion     : 1.0.0.0
    ProductName        : Taskbar Shuffle
    CompanyName        : Jay Elaraj
    FileDescription    : Taskbar Shuffle
    InternalName       : taskbarshuffle.exe
    LegalCopyright     : Copyright © 2006

#:35 [dopus.exe]
    FilePath           : C:\Program Files\GPSoftware\Directory Opus\
    ProcessID          : 1512
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 2, 0, 0, 0
    ProductVersion     : 8, 2, 2, 4
    ProductName        : Directory Opus
    CompanyName        : GP Software
    FileDescription    : Directory Opus 8
    InternalName       : dopus
    LegalCopyright     : Copyright © 1999-2006 GP Software
    LegalTrademarks    : Directory Opus, Opus, DOpus, DirOpus, OpusPC, PCOpus are trademarks of GP Software
    OriginalFilename   : dopus.exe

#:36 [ctfmon.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 1936
    ThreadCreationTime : 1-1-2007 8:34:06 PM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : CTF Loader
    InternalName       : CTFMON
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : CTFMON.EXE

#:37 [suitcase.exe]
    FilePath           : C:\Program Files\Extensis\Suitcase 9.2\
    ProcessID          : 2108
    ThreadCreationTime : 1-1-2007 8:34:07 PM
    BasePriority       : Normal
    FileVersion        : 9.2
    ProductVersion     : 9.2
    ProductName        : Suitcase 9.2
    CompanyName        : Extensis Products Group
    FileDescription    : Suitcase for Windows
    InternalName       : Suitcase
    LegalCopyright     : Copyright © 2003 Extensis Products Group
    OriginalFilename   : Suitcase.exe

#:38 [tabuserw.exe]
    FilePath           : C:\WINDOWS\system32\WTablet\
    ProcessID          : 2124
    ThreadCreationTime : 1-1-2007 8:34:07 PM
    BasePriority       : Normal
    FileVersion        : 4.91-2
    ProductVersion     : 4.91-2
    ProductName        : Wacom Technology, Corp. TABUSERW
    CompanyName        : Wacom Technology, Corp.
    FileDescription    : TABUSERW
    InternalName       : TABUSERW
    LegalCopyright     : Copyright © 1997,1998,1999,2000,2001,2002,2003,2004,2005 Wacom Technology, Corp.
    OriginalFilename   : TABUSERW.EXE

#:39 [googledesktopcrawl.exe]
    FilePath           : C:\Program Files\Google\Google Desktop Search\
    ProcessID          : 2300
    ThreadCreationTime : 1-1-2007 8:34:09 PM
    BasePriority       : Normal
    FileVersion        : 4.2006.1008.2039
    ProductVersion     : 4.2006.1008.2039
    ProductName        : Google Desktop
    CompanyName        : Google
    FileDescription    : Google Desktop
    InternalName       : Google Desktop
    LegalCopyright     : Copyright © 2003-2006 Google. All Rights Reserved.

#:40 [ipodservice.exe]
    FilePath           : C:\Program Files\iPod\bin\
    ProcessID          : 2376
    ThreadCreationTime : 1-1-2007 8:34:10 PM
    BasePriority       : Normal
    FileVersion        : 7.0.2.16
    ProductVersion     : 7.0.2.16
    ProductName        : iTunes
    CompanyName        : Apple Computer, Inc.
    FileDescription    : iPodService Module
    InternalName       : iPodService
    LegalCopyright     : © 2003-2006 Apple Computer, Inc. All Rights Reserved.
    OriginalFilename   : iPodService.exe

#:41 [firefox.exe]
    FilePath           : C:\Program Files\Mozilla Firefox\
    ProcessID          : 3344
    ThreadCreationTime : 1-1-2007 8:34:46 PM
    BasePriority       : Normal


#:42 [taskpl~1.exe]
    FilePath           : C:\PROGRA~1\Ashampoo\ASHAMP~1\
    ProcessID          : 2504
    ThreadCreationTime : 1-1-2007 8:37:57 PM
    BasePriority       : Normal


#:43 [dfrgfat.exe]
    FilePath           : C:\Program Files\Diskeeper Corporation\Diskeeper\
    ProcessID          : 1712
    ThreadCreationTime : 1-1-2007 9:31:46 PM
    BasePriority       : Normal
    FileVersion        : 10.0.608.0
    ProductVersion     : 10.0.608.0
    ProductName        : Diskeeper (tm) Disk Defragmenter
    CompanyName        : Diskeeper Corporation
    FileDescription    : DFRGFAT.EXE
    InternalName       : DFRGFAT
    LegalCopyright     : © 1995-2006 Diskeeper Corporation
    OriginalFilename   : DFRGFAT

#:44 [notepad.exe]
    FilePath           : C:\WINDOWS\system32\
    ProcessID          : 2664
    ThreadCreationTime : 1-2-2007 3:29:13 AM
    BasePriority       : Normal
    FileVersion        : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
    ProductVersion     : 5.1.2600.2180
    ProductName        : Microsoft® Windows® Operating System
    CompanyName        : Microsoft Corporation
    FileDescription    : Notepad
    InternalName       : Notepad
    LegalCopyright     : © Microsoft Corporation. All rights reserved.
    OriginalFilename   : NOTEPAD.EXE

#:45 [ad-aware.exe]
    FilePath           : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
    ProcessID          : 1608
    ThreadCreationTime : 1-2-2007 5:57:15 PM
    BasePriority       : Normal
    FileVersion        : 6.2.0.236
    ProductVersion     : SE 106
    ProductName        : Lavasoft Ad-Aware SE
    CompanyName        : Lavasoft Sweden
    FileDescription    : Ad-Aware SE Core application
    InternalName       : Ad-Aware.exe
    LegalCopyright     : Copyright © Lavasoft AB Sweden
    OriginalFilename   : Ad-Aware.exe
    Comments           : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 13


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


 Tracking Cookie Object Recognized!
    Type               : IECache Entry
    Data               : owner@live365[1].txt
    TAC Rating         : 3
    Category           : Data Miner
    Comment            : Hits:1
    Value              : Cookie:[email protected]/
    Expires            : 1-6-2012 12:38:10 PM
    LastSync           : Hits:1
    UseCount           : 0
    Hits               : 1

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 14



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Backdoor.Prorat.16 Object Recognized!
    Type               : File
    Data               : A0048589.dll
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Object             : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Deep scanning and examining files (K:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for K:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

 Backdoor.Prorat.16 Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : FW_KILL

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_FW_Disable

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : XP_SYS_Recovery

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ICQ_UIN2

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Kurban_Ismi

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Mail

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Online_List

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Port

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Sifre

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Hata

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : KSil

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : LanNotifie

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : Tport

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_CURRENT_USER
    Object             : software\microsoft\windows nt script host\microsoft dxdiag\winsettings
    Value              : ServerVersionInt

 Backdoor.Prorat.16 Object Recognized!
    Type               : RegData
    Data               : explorer.exe
    TAC Rating         : 8
    Category           : Malware
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\windows nt\currentversion\winlogon
    Value              : Shell
    Data               : explorer.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 17
Objects found so far: 32

1:21:59 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:23:34.714
Objects scanned:353662
Objects identified:19
Objects ignored:0
New critical objects:19


---------

Offline bradfitz

« Reply #6 on: January 02, 2007, 01:47:00 PM »
And here are the results of the http://virusscan.jotti.org/ scan I ran on the following file:

C:\Documents and Settings\Owner\agony.sys.

Scan results:

----

AntiVir                 Found RKIT/Agony.A
ArcaVir                 Found Trojan.Rootkit.Agent.Cs
Avast                   Found Win32:Agent-CWS
AVG Antivirus           Found nothing
BitDefender             Found Rootkit.Agony.A
ClamAV                  Found nothing
Dr.Web                  Found Trojan.NtRootKit.184
F-Prot Antivirus        Found nothing
F-Secure Anti-Virus     Found nothing
Fortinet                Found RKPort!tr
Kaspersky Anti-Virus    Found nothing
NOD32                   Found probably unknown NewHeur_PE (probable variant)
Norman Virus Control    Found nothing
VirusBuster             Found nothing
VBA32                   Found nothing

-----

Offline Mod Ryan

« Reply #7 on: January 02, 2007, 01:54:54 PM »
Quote
Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Backdoor.Prorat.16 Object Recognized!
Type : File
Data : A0048589.dll
TAC Rating : 8
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\

Backdoor.prorat.16 is a type of RAT, just as I suspected. You have a "Remote-Access-Trojan"; they aren't easy to get rid of, especially when it has spread to the different locations yours has. Could you do this for me and post what comes up: START >>> RUN >>> Type "Command" >>> "Netstat -a"
Once you have done this, please post the ports that have come up.
I once had a RAT not too long ago lol, that's how I know how to remove them ;)
« Last Edit: January 03, 2007, 12:36:27 AM by guestolo »

Offline Mod Ryan

« Reply #8 on: January 02, 2007, 01:58:50 PM »
Types of RATs

The most popular RATs, such as Back Orifice or SubSeven, are all-in-one intruder toolshops that do everything—capture screen, sound, and video content. These Trojans are key loggers, remote controllers, FTP servers, HTTP servers, Telnet servers, and password finders. Intruders can configure the IP port the RATs listen on, how the RATs execute, and whether the RATs contact the originator by using email, Internet Relay Chat (IRC), or another chat mechanism. The more malicious RATs contain rogue mechanisms that hide the Trojans from prying eyes, encrypt communications, and contain professional-looking APIs so that other intruder developers can insert additional functionality. These RATs' aggressive functionality makes them larger—often 100KB to 300KB—and somewhat riskier for the intruder to install without anyone noticing.
« Last Edit: January 03, 2007, 12:36:14 AM by guestolo »

Offline bradfitz

« Reply #9 on: January 02, 2007, 03:02:53 PM »
Sounds just lovely.

Thanks for the quick response and helpful assistance Ryan.

Here is the result.. hopefully I did it right and it's what you're looking for. If not let me know.


------


Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    BFWORK:epmap           BFWORK:0               LISTENING
  TCP    BFWORK:microsoft-ds    BFWORK:0               LISTENING
  TCP    BFWORK:2869            BFWORK:0               LISTENING
  TCP    BFWORK:31038           BFWORK:0               LISTENING
  TCP    BFWORK:1025            BFWORK:0               LISTENING
  TCP    BFWORK:1086            localhost:1087         ESTABLISHED
  TCP    BFWORK:1087            localhost:1086         ESTABLISHED
  TCP    BFWORK:1088            localhost:1089         ESTABLISHED
  TCP    BFWORK:1089            localhost:1088         ESTABLISHED
  TCP    BFWORK:1225            localhost:1226         ESTABLISHED
  TCP    BFWORK:1226            localhost:1225         ESTABLISHED
  TCP    BFWORK:4664            BFWORK:0               LISTENING
  TCP    BFWORK:netbios-ssn     BFWORK:0               LISTENING
  TCP    BFWORK:1234            f4.4.5546.static.theplanet.com:http  CLOSE_WAIT
  TCP    BFWORK:1387            he-in-f104.google.com:http  ESTABLISHED
  TCP    BFWORK:1388            he-in-f104.google.com:http  ESTABLISHED
  TCP    BFWORK:1402            va-in-f104.google.com:http  TIME_WAIT
  TCP    BFWORK:1419            va-in-f99.google.com:http  ESTABLISHED
  TCP    BFWORK:1439            72.14.253.91:http      ESTABLISHED
  TCP    BFWORK:1469            worldwidebrands.com:http  ESTABLISHED
  TCP    BFWORK:1470            worldwidebrands.com:http  ESTABLISHED
  TCP    BFWORK:1478            va-in-f99.google.com:http  ESTABLISHED
  UDP    BFWORK:microsoft-ds    *:*
  UDP    BFWORK:1042            *:*
  UDP    BFWORK:1055            *:*
  UDP    BFWORK:1243            *:*
  UDP    BFWORK:1900            *:*
  UDP    BFWORK:netbios-ns      *:*
  UDP    BFWORK:netbios-dgm     *:*
  UDP    BFWORK:1900            *:*

C:\DOCUME~1\OWNER>
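
Added example, not part of the original post: a Python parse of an excerpt of the `netstat -a` listing above. It separates sockets that accept inbound connections from ephemeral client-side ports before comparing local ports with four entries from the trojan port list posted in this thread. The function names and the service-name table are assumptions made for this example.

```python
# Excerpt of the netstat -a output from the post above (rows copied verbatim).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    BFWORK:epmap           BFWORK:0               LISTENING
  TCP    BFWORK:microsoft-ds    BFWORK:0               LISTENING
  TCP    BFWORK:2869            BFWORK:0               LISTENING
  TCP    BFWORK:31038           BFWORK:0               LISTENING
  TCP    BFWORK:1025            BFWORK:0               LISTENING
  TCP    BFWORK:1086            localhost:1087         ESTABLISHED
  TCP    BFWORK:4664            BFWORK:0               LISTENING
  TCP    BFWORK:netbios-ssn     BFWORK:0               LISTENING
  TCP    BFWORK:1234            f4.4.5546.static.theplanet.com:http  CLOSE_WAIT
  TCP    BFWORK:1387            he-in-f104.google.com:http  ESTABLISHED
  UDP    BFWORK:microsoft-ds    *:*
  UDP    BFWORK:1042            *:*
  UDP    BFWORK:1243            *:*
  UDP    BFWORK:1900            *:*
"""

# Without -n, netstat prints service names for well-known ports.
SERVICE_NAMES = {"epmap": 135, "netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445, "http": 80}

# Four entries taken from the trojan port list posted in this thread.
WATCHLIST = {139: "NukeNabber", 1042: "Bla 1.1",
             1234: "Ultors Trojan", 1243: "SubSeven"}


def resolve_port(token):
    """Return the numeric port for '1234' or 'http'; None for '*' or unknown names."""
    if token.isdigit():
        return int(token)
    return SERVICE_NAMES.get(token.lower())


def parse_netstat(text):
    """Parse 'netstat -a' rows into dicts; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, prompt or blank line
        proto, local, foreign = fields[:3]
        if ":" not in local or ":" not in foreign:
            continue
        rows.append({
            "proto": proto,
            "local_port": resolve_port(local.rsplit(":", 1)[1]),
            "remote_port": resolve_port(foreign.rsplit(":", 1)[1]),
            "state": fields[3] if len(fields) > 3 else "",
        })
    return rows


def socket_role(row):
    """Classify what the local port is actually doing."""
    if row["proto"] == "UDP":
        return "udp-bound"          # bound socket; server or client is not shown
    if row["state"] == "LISTENING":
        return "tcp-listener"       # accepts inbound connections
    remote = row["remote_port"]
    if remote is not None and 0 < remote < 1024 and (row["local_port"] or 0) >= 1024:
        return "outbound-client"    # ephemeral local port talking to a service port
    return "tcp-connection"


def watchlist_hits(rows, watchlist=WATCHLIST):
    """Local ports that appear on the list, with the role that gives them context."""
    hits = []
    for row in rows:
        name = watchlist.get(row["local_port"])
        if name:
            hits.append((row["proto"], row["local_port"], name, socket_role(row)))
    return hits


def tcp_listeners(rows):
    """The TCP ports that accept inbound connections, i.e. the ones to attribute."""
    return sorted(r["local_port"] for r in rows
                  if socket_role(r) == "tcp-listener" and r["local_port"] is not None)


if __name__ == "__main__":
    parsed = parse_netstat(NETSTAT_SAMPLE)
    for hit in watchlist_hits(parsed):
        print("list match:", hit)
    print("TCP listeners:", tcp_listeners(parsed))
```

A number match alone says little: 1234 here is the client side of an outbound HTTP connection and 139 is the standard netbios-ssn listener. On the machine itself, `netstat -ano` prints numeric ports plus the owning PID, which ties each listener to a process.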

Offline bradfitz

« Reply #10 on: January 02, 2007, 03:05:22 PM »
Also, I don't know how relevant this is, but I currently have no sound on my computer. When I try to run Windows Media Player, I get this message:

"Windows Media Player cannot play the file because there is a problem with your sound device. There might not be a sound device installed on your computer, it might be in use by another program, or it might not be functioning properly."

Offline Mod Ryan

  • Sr. Member
  • ****
  • Posts: 441
  • Karma: +0/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #11 on: January 02, 2007, 08:28:57 PM »
Do a check test with these common trojan ports; if one matches, close the port.
Also, changing your IP address might help. Plus, you have a lot of port holes open; how many internet applications are you running there?

Trojan Name                Port

BO jammerkillahV           121
NukeNabber                 139
Intruders Paradise         456
Stealth Spy                555
Phase0                     555
NeTadmin                   555
Satanz Backdoor            666
Attack FTP                 666
AIMSpy                     777
Der Spaeher                1000
Silencer                   1001
WebEx                      1001
Doly Trojan                1011
Doly Trojan                1015
Netspy                     1033
Bla 1.1                    1042
Psyber Stream Server       1170
Streaming Audio Trojan     1170
SoftWar                    1207
Ultors Trojan              1234
SubSeven                   1243
VooDoo Doll                1245
GabanBus                   1245
NetBus                     1245
Maverick's Matrix          1269
FTP99CMP                   1492
Psyber Streaming Server    1509
Shiva Burka                1600
SpySender                  1807
ShockRave                  1981
BackDoor                   1999
Transcout                  1999
Der Spaeher                2000
Trojan Cow                 2001
Pass Ripper                2023
Bugs                       2115
Deep Throat                2140
The Invasor                2140
HVL Rat5                   2283
Striker                    2565
Wincrash2                  2583
The Prayer                 2716
Phineas                    2801
Portal of Doom             3700
Total Eclypse              3791
WinCrash                   4092
FileNail                   4567
IcqTrojan                  4950
Sockets de Troie           5000
Sockets de Troie 1.x       5001
OOTLT Cart                 5011
NetMetro                   5031
Firehotcker                5321
BackConstruction 1.2       5400
BladeRunner                5400
Blade Runner 1.x           5401
Blade Runner 2.x           5402
Illusion Mailer            5521
Xtcp                       5550
RoboHack                   5569
Wincrash                   5742
The thing                  6000
The thing                  6400
Vampire                    6669
Host Control               6669
DeepThroat                 6670
DeepThroat                 6771
DeltaSource                6883
Heep                       6912
Indoctrination             6939
GateCrasher                6969
Priority                   6969
Remote Grab                7000
NetMonitor                 7300
NetMonitor 1.x             7301
NetMonitor 2.x             7306
NetMonitor 3.x             7307
NetMonitor 4.x             7308
Qaz                        7597
ICQKiller                  7789
InCommand                  9400
Portal of Doom             9872

END,

I hope this list helps,
also, "comodo firewall" is a great way to break links in ports, it also has a high setting to block all internet traffic, it's great and is a very useful program.
« Last Edit: January 03, 2007, 12:36:01 AM by guestolo »












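Checking netstat output against a port list, as the reply above suggests, means different things depending on the socket's state. This added example (not part of the original posts) triages lines copied from the netstat output earlier in the thread against a subset of the posted list; the verdict labels and the SERVICE_NAMES map are assumptions of the example.

```python
import re

# Subset of the trojan/port list posted above (port -> name as posted).
LISTED_PORTS = {
    139: "NukeNabber",
    1042: "Bla 1.1",
    1234: "Ultors Trojan",
    1243: "SubSeven",
    1245: "NetBus",
    5000: "Sockets de Troie",
}

# netstat without -n prints a service name instead of a number for known ports.
SERVICE_NAMES = {"http": 80, "netbios-ns": 137, "netbios-dgm": 138,
                 "netbios-ssn": 139, "microsoft-ds": 445}

# Default dynamic (client-side) TCP/UDP port range on Windows XP.
EPHEMERAL = range(1025, 5001)

# Lines copied from the netstat output posted earlier in this thread.
SAMPLE = """\
  TCP    BFWORK:4664            BFWORK:0               LISTENING
  TCP    BFWORK:netbios-ssn     BFWORK:0               LISTENING
  TCP    BFWORK:1234            f4.4.5546.static.theplanet.com:http  CLOSE_WAIT
  TCP    BFWORK:1387            he-in-f104.google.com:http  ESTABLISHED
  UDP    BFWORK:1042            *:*
  UDP    BFWORK:1243            *:*
  UDP    BFWORK:1900            *:*
"""

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def port_of(endpoint):
    """Numeric port of 'host:port'; None for '*' or an unmapped service name."""
    port = endpoint.rsplit(":", 1)[-1]
    if port.isdigit():
        return int(port)
    return SERVICE_NAMES.get(port)


def triage(netstat_text):
    """Return (proto, local_port, listed_name, verdict) for every local port
    that appears on the list.

    listener             - TCP socket accepting connections on a listed port;
                           the owning process still has to be identified
                           (139 is also Windows' own NetBIOS session service).
    outbound-source-port - the listed number is only the client-side source
                           port of a connection this host made to a service.
    udp-bound            - UDP socket bound to a listed port; netstat -a alone
                           cannot tell a client socket from a server.
    connection           - any other TCP state on a listed local port.
    """
    findings = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # headers, prompts, blank lines
        proto, local, remote, state = m.groups()
        lport = port_of(local)
        if lport not in LISTED_PORTS:
            continue
        if proto == "UDP":
            verdict = "udp-bound"
        elif state == "LISTENING":
            verdict = "listener"
        elif lport in EPHEMERAL and port_of(remote) in SERVICE_NAMES.values():
            verdict = "outbound-source-port"
        else:
            verdict = "connection"
        findings.append((proto, lport, LISTED_PORTS[lport], verdict))
    return findings


if __name__ == "__main__":
    for proto, port, name, verdict in triage(SAMPLE):
        print(f"{proto:3} {port:5}  {name:18} {verdict}")
```

A listener or udp-bound result only says the port is in use; `netstat -ano` adds the owning PID, which can then be matched against the running-process list.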

Offline Mod Ryan

  • Sr. Member
  • ****
  • Posts: 441
  • Karma: +0/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #12 on: January 02, 2007, 08:31:12 PM »
I don't really know about your sound, maybe check your sound card is inserted correctly, there can't be much wrong with that, only something general is what I'm thinking,

if all else fails, try a different media center,
Do you get sound when you log into Windows? (Windows startup melody)
« Last Edit: January 03, 2007, 12:35:48 AM by guestolo »













Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #13 on: January 03, 2007, 12:46:22 AM »
Can you post a couple other logs for me please

Download gmer.zip
Unzip it to the desktop.
Double click on gmer.exe

Click on Scan.
DO NOT select 'Show All'
When the scan has run click Copy and paste the results (if any) into this thread

After you post those results, can you also run the following
Download SREng
http://www.kztechs.com/sreng/sreng2.zip

Extract it to Desktop and double click SREng.exe to run it
Select: Smart Scan and click on the [Scan] button.
Let the scan finish, may take a couple minutes

When finished, click on the 'Save Reports' button and save the log to Desktop

Please post the SREng log in your reply.

It may take more than one reply to post the above  2 logs

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline bradfitz

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #14 on: January 08, 2007, 03:40:01 PM »
ooops
« Last Edit: January 08, 2007, 03:43:12 PM by bradfitz »

Offline bradfitz

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #15 on: January 08, 2007, 03:42:22 PM »
Thank You.

I tried posting my GMER log directly into the forum but the browser kept crashing, even when I tried to do it in multiple parts, so I will post it on my own server and link to it here:

http://bradfitzpatrick.com/BFGMER_log_.txt

Offline bradfitz

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
I Have "win32.p2p-Worm.Alcan.a" -- please help if you can.
« Reply #16 on: January 08, 2007, 03:44:17 PM »
And here is the log from my SREng Scan:

---begin---

Code:
2007-01-08,15:40:46

System Repair Engineer 2.3.13.690
Smallfrogs (http://www.KZTechs.com)

Windows XP Home Edition Service Pack 2 (Build 2600)
 - Administrative User - Completed Functions Allowed

Follow item(s) have been choosed:
All Boot Items (Including Registry, Startup Folders, Services and so on)
Browser Add-ons
Runing Processes (Including process model information)
File Associations
Winsock Provider
Autorun.Inf
HOSTS File


Boot Items
Registry
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<updateMgr><"C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1>  [N/A]
<STYLEXP><C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide>  [N/A]
<Second Copy><"C:\PROGRA~1\SecCopy\SecCopy.exe">  [Centered Systems]
<Taskbar Shuffle><C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe>  [Jay Elaraj]
<DOpus><C:\Program Files\GPSoftware\Directory Opus\dopus.exe>  [(Verified)GP Software]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe>  [(Verified)Microsoft Corporation]
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><>  [N/A]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<Google Desktop Search><"C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup>  [Google]
<KernelFaultCheck><%systemroot%\system32\dumprep 0 -k>  [N/A]
<ShowWnd><ShowWnd.exe>  [N/A]
<Recguard><%WINDIR%\SMINST\RECGUARD.EXE>  []
<NeroFilterCheck><C:\WINDOWS\system32\NeroCheck.exe>  [Ahead Software Gmbh]
<IgfxTray><C:\WINDOWS\system32\igfxtray.exe>  [(Verified)Intel Corporation]
<HotKeysCmds><C:\WINDOWS\system32\hkcmd.exe>  [(Verified)Intel Corporation]
<CHotkey><zHotkey.exe>  []
<QuickTime Task><"C:\Program Files\QuickTime\qttask.exe" -atboottime>  [Apple Computer, Inc.]
<iTunesHelper><"C:\Program Files\iTunes\iTunesHelper.exe">  [(Verified)Apple Computer, Inc.]
<High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
<High Definition Audio Property Page Shortcut><HDAShCut.exe>  [(Verified)Windows (R) Server 2003 DDK provider]
<SoundMan><SOUNDMAN.EXE>  [(Verified)Realtek Semiconductor Corp.]
<AlcWzrd><ALCWZRD.EXE>  [RealTek Semicoductor Corp.]
<Alcmtr><ALCMTR.EXE>  [(Verified)Realtek Semiconductor Corp.]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><explorer.exe>  [(Verified)Microsoft Corporation]
<Userinit><userinit.exe>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL>  [Google]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><LogonUI.EXE>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{3CF9ECE0-1A9F-11D2-8C73-00C06C2005DE}><C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll>  [(Verified)GP Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<WPDShServiceObj><C:\WINDOWS\system32\WPDShServiceObj.dll>  [(Verified)Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
<WinlogonNotify: WgaLogon><WgaLogon.dll>  [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
<Cleanup><; >  [N/A]
<Gateway Extended Warranty><; >  [N/A]
<msci><; >  [N/A]
<SSC_UserPrompt><; >  [N/A]

==================================
Startup Folders
[Adobe Gamma Loader]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk --> C:\PROGRA~1\COMMON~1\Adobe\CALIBR~1\ADOBEG~1.EXE [Adobe Systems, Inc.]><N>
[Adobe Reader Speed Launch]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk --> C:\PROGRA~1\Adobe\ACROBA~2.0\Reader\READER~1.EXE [Adobe Systems Incorporated]><N>
[Suitcase Startup]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Suitcase Startup.lnk --> C:\PROGRA~1\Extensis\SUITCA~1.2\Suitcase.exe [Extensis Products Group]><N>
[TabUserW.exe]
  <C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TabUserW.exe.lnk --> C:\WINDOWS\system32\WTablet\TabUserW.exe [Wacom Technology, Corp.]><N>

==================================
Services
[Adobe LM Service / Adobe LM Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe"><Adobe Systems>
[Application Management / AppMgmt][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\appmgmts.dll><N/A>
[ATM Service / ATMsrvc][Stopped/Disabled]
  <C:\WINDOWS\System32\ATMsrvc.exe><Adobe Systems Incorporated>
[Diskeeper / Diskeeper][Running/Auto Start]
  <"C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe"><Diskeeper Corporation>
[Logical Disk Manager Administrative Service / dmadmin][Stopped/Manual Start]
  <C:\WINDOWS\System32\dmadmin.exe /com><Microsoft Corp., Veritas Software>
[Human Interface Device Access / HidServ][Stopped/Disabled]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\hidserv.dll><N/A>
[InstallDriver Table Manager / IDriverT][Stopped/Manual Start]
  <"C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"><Macrovision Corporation>
[iPod Service / iPod Service][Running/Manual Start]
  <"C:\Program Files\iPod\bin\iPodService.exe"><Apple Computer, Inc.>
[Macromedia Licensing Service / Macromedia Licensing Service][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[Network Location Awareness (NLA) / Nla][Running/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\System32\mswsock.dll><Microsoft Corporation>
[Removable Storage / NtmsSvc][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\ntmssvc.dll><Microsoft Corporation>
[Microsoft Office Diagnostics Service / odserv][Stopped/Manual Start]
  <"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE"><Microsoft Corporation>
[PrismXL / PrismXL][Running/Auto Start]
  <C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS><New Boundary Technologies, Inc.>
[Retrospect Launcher / RetroLauncher][Stopped/Disabled]
  <C:\Program Files\Dantz\Retrospect\retrorun.exe><Dantz Development Corporation>
[Retrospect WD Service / RetroWDSvc][Stopped/Disabled]
  <C:\PROGRA~1\Dantz\RETROS~1\wdsvc.exe><Dantz Development Corporation>
[StyleXPService / StyleXPService][Stopped/Auto Start]
  <"C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe"><>
[TabletService / TabletService][Running/Auto Start]
  <C:\WINDOWS\system32\Tablet.exe><Wacom Technology, Corp.>
[Telephony / TapiSrv][Running/Manual Start]
  <C:\WINDOWS\System32\svchost.exe -k netsvcs-->%SystemRoot%\System32\tapisrv.dll><Microsoft Corporation>
[Universal Plug and Play Device Host / upnphost][Stopped/Manual Start]
  <C:\WINDOWS\system32\svchost.exe -k LocalService-->%SystemRoot%\System32\upnphost.dll><Microsoft Corporation>
[Windows Management Instrumentation / winmgmt][Running/Auto Start]
  <C:\WINDOWS\system32\svchost.exe -k netsvcs-->%SystemRoot%\system32\wbem\WMIsvc.dll><Microsoft Corporation>

==================================
Drivers
[abp480n5 / abp480n5][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ABP480N5.SYS><Microsoft Corporation>
[adpu160m / adpu160m][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\adpu160m.sys><Microsoft Corporation>
[agony / agony][Running/Manual Start]
  <\??\C:\WINDOWS\system32\agony.sys><N/A>
[Aha154x / Aha154x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aha154x.sys><Microsoft Corporation>
[aic78u2 / aic78u2][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78u2.sys><Microsoft Corporation>
[aic78xx / aic78xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aic78xx.sys><Microsoft Corporation>
[AliIde / AliIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\aliide.sys><Acer Laboratories Inc.>
[AMD AGP Bus Filter Driver / amdagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\amdagp.sys><Advanced Micro Devices, Inc.>
[asc / asc][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc.sys><Advanced System Products, Inc.>
[asc3350p / asc3350p][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3350p.sys><Microsoft Corporation>
[asc3550 / asc3550][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\asc3550.sys><Advanced System Products, Inc.>
[ASPI32 / ASPI32][Running/Auto Start]
  <System32\drivers\aspi32.sys><Adaptec>
[Audio Stub Driver / audstub][Running/Manual Start]
  <system32\DRIVERS\audstub.sys><Microsoft Corporation>
[cd20xrnt / cd20xrnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cd20xrnt.sys><Microsoft Corporation>
[CmdIde / CmdIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\cmdide.sys><CMD Technology, Inc.>
[dac2w2k / dac2w2k][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dac2w2k.sys><Mylex Corporation>
[dpti2o / dpti2o][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\dpti2o.sys><Microsoft Corporation>
[Intel(R) PRO Adapter Driver / E100B][Running/Manual Start]
  <system32\DRIVERS\e100b325.sys><Intel Corporation>
[GEARAspiWDM / GEARAspiWDM][Running/Manual Start]
  <System32\Drivers\GEARAspiWDM.sys><GEAR Software Inc.>
[Microsoft UAA Function Driver for High Definition Audio Service / HdAudAddService][Stopped/Manual Start]
  <system32\drivers\HdAudio.sys><Windows (R) Server 2003 DDK provider>
[Microsoft UAA Bus Driver for High Definition Audio / HDAudBus][Running/Manual Start]
  <system32\DRIVERS\HDAudBus.sys><Windows (R) Server 2003 DDK provider>
[HSFHWBS2 / HSFHWBS2][Running/Manual Start]
  <system32\DRIVERS\HSFHWBS2.sys><Conexant Systems, Inc.>
[HSF_DP / HSF_DP][Running/Manual Start]
  <system32\DRIVERS\HSF_DP.sys><Conexant Systems, Inc.>
[ialm / ialm][Stopped/Manual Start]
  <system32\DRIVERS\ialmnt5.sys><Intel Corporation>
[Hauppauge WinTV PVR USB2 Encoder / iComp][Stopped/Manual Start]
  <system32\DRIVERS\HCWUSB2.sys><Hauppauge Computer Works, Inc.>
[ini910u / ini910u][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ini910u.sys><Microsoft Corporation>
[WD Bridge Controller Driver / inibtmgr][Stopped/Manual Start]
  <system32\DRIVERS\inibtmgr.sys><Western Digital>
[Service for Realtek HD Audio (WDM) / IntcAzAudAddService][Running/Manual Start]
  <system32\drivers\RtkHDAud.sys><Realtek Semiconductor Corp.>
[PnP ISA/EISA Bus Driver / isapnp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\isapnp.sys><Microsoft Corporation>
[Jukebox / Jukebox][Stopped/Manual Start]
  <system32\DRIVERS\ctpdusb2.sys><Creative Technology Ltd.>
[mdmxsdk / mdmxsdk][Running/Auto Start]
  <system32\DRIVERS\mdmxsdk.sys><Conexant>
[Mouse HID Driver / mouhid][Running/Manual Start]
  <system32\DRIVERS\mouhid.sys><Microsoft Corporation>
[mraid35x / mraid35x][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\mraid35x.sys><American Megatrends Inc.>
[MRxSmb / MRxSmb][Running/System Start]
  <system32\DRIVERS\mrxsmb.sys><Microsoft Corporation>
[Macronix MX987xx Family Fast Ethernet NT Driver / mxnic][Stopped/Manual Start]
  <system32\DRIVERS\mxnic.sys><Macronix International Co., Ltd.>
[Remote Access NDIS TAPI Driver / NdisTapi][Running/Manual Start]
  <system32\DRIVERS\ndistapi.sys><Microsoft Corporation>
[NetBios over Tcpip / NetBT][Running/System Start]
  <system32\DRIVERS\netbt.sys><Microsoft Corporation>
[nv / nv][Running/Manual Start]
  <system32\DRIVERS\nv4_mini.sys><NVIDIA Corporation>
[Pen Class / PenClass][Running/Boot Start]
  <\SystemRoot\system32\Drivers\PenClass.sys><Wacom Technology Corporation>
[Direct Parallel Link Driver / Ptilink][Running/Manual Start]
  <system32\DRIVERS\ptilink.sys><Parallel Technologies, Inc.>
[PxHelp20 / PxHelp20][Running/Boot Start]
  <\SystemRoot\System32\Drivers\PxHelp20.sys><Sonic Solutions>
[ql1080 / ql1080][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1080.sys><QLogic Corporation>
[Ql10wnt / Ql10wnt][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql10wnt.sys><Microsoft Corporation>
[ql12160 / ql12160][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql12160.sys><QLogic Corporation>
[ql1280 / ql1280][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ql1280.sys><QLogic Corporation>
[Secdrv / Secdrv][Stopped/Manual Start]
  <system32\DRIVERS\secdrv.sys><N/A>
[SIS AGP Bus Filter / sisagp][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sisagp.sys><Silicon Integrated Systems Corporation>
[Sony USB Filter Driver (SONYPVU1) / SONYPVU1][Stopped/Manual Start]
  <system32\DRIVERS\SONYPVU1.SYS><Sony Corporation>
[Sparrow / Sparrow][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sparrow.sys><Adaptec, Inc.>
[StyleXPHelper / StyleXPHelper][Running/System Start]
  <\??\C:\Program Files\TGTSoft\StyleXP\StyleXPHelper.exe><Windows (R) 2000 DDK provider>
[Alcor Micro Corp Reader / SunkFilt][Running/Manual Start]
  <\??\C:\WINDOWS\System32\Drivers\sunkfilt.sys><Alcor Micro Corp.>
[symc810 / symc810][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc810.sys><Symbios Logic Inc.>
[symc8xx / symc8xx][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\symc8xx.sys><LSI Logic>
[sym_hi / sym_hi][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_hi.sys><LSI Logic>
[sym_u3 / sym_u3][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\sym_u3.sys><LSI Logic>
[TosIde / TosIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\toside.sys><Microsoft Corporation>
[ultra / ultra][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\ultra.sys><Promise Technology, Inc.>
[ViaIde / ViaIde][Running/Boot Start]
  <\SystemRoot\system32\DRIVERS\viaide.sys><Microsoft Corporation>
[WAN Miniport (ATW) / wanatw][Stopped/Manual Start]
  <system32\DRIVERS\wanatw4.sys><N/A>
[winachsf / winachsf][Running/Manual Start]
  <system32\DRIVERS\HSF_CNXT.sys><Conexant Systems, Inc.>
[World Standard Teletext Codec / WSTCODEC][Stopped/Manual Start]
  <system32\DRIVERS\WSTCODEC.SYS><Microsoft Corporation>

==================================
Browser Add-ons
[HelperObject Class]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[&Research]
  {92780B25-18CC-41C8-B9BE-3C9C571A8263} <C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL, Microsoft Corporation>
[Real.com]
  {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} <C:\WINDOWS\system32\Shdocvw.dll, Microsoft Corporation>
[Messenger]
  {FB5F1910-F110-11d2-BB9E-00C04F795683} <C:\Program Files\Messenger\msmsgs.exe, Microsoft Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[]
  {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} <C:\WINDOWS\system32\macromed\download\Download.dll, Macromedia, Inc.>
[ActiveScan Installer Class]
  {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} <C:\WINDOWS\Downloaded Program Files\asinst.dll, Panda Software>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[ASPRO Installer Class]
  {D6376DD2-C2BD-49B2-A1B1-138F869633F3} <C:\WINDOWS\Downloaded Program Files\ASPROinst.dll, Panda Software>
[HelperObject Class]
  {00C6482D-C502-44C8-8409-FCE54AD9C208} <C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll, TechSmith Corporation>
[SnagIt]
  {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} <C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll, TechSmith Corporation>
[Shockwave Flash Object]
  {D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash9b.ocx, Adobe Systems, Inc.>
[Add to Windows &Live Favorites]
  <http://favorites.live.com/quickadd.aspx, N/A>
[E&xport to Microsoft Excel]
  <res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000, N/A>

==================================
Running Processes
[PID: 536][\SystemRoot\System32\smss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 680][\??\C:\WINDOWS\system32\csrss.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 704][\??\C:\WINDOWS\system32\winlogon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\igfxsrvc.dll]  [Intel Corporation, 3.0.0.3889]
[C:\WINDOWS\system32\hccutils.DLL]  [Intel Corporation, 3.0.0.3889]
[PID: 748][C:\WINDOWS\system32\services.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 760][C:\WINDOWS\system32\lsass.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 916][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1028][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1120][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1220][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1356][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1504][C:\WINDOWS\system32\spoolsv.exe]  [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)]
[C:\WINDOWS\system32\CNMLM4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\PRTPROCS\W32X86\CNMPD4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 1636][C:\WINDOWS\system32\msdtc.exe]  [Microsoft Corporation, 2001.12.4414.258]
[PID: 1708][C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DKLib.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\GetFATExtents.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\1033\DkRes.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\Tab.dll]  [Diskeeper® Corporation., 1.0.37.0]
[C:\Program Files\Diskeeper Corporation\Diskeeper\DkTabProvider.dll]  [Diskeeper Corporation, 10.0.608.0]
[C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS]  [New Boundary Technologies, Inc., 6.0.3.30]
[PID: 1776][C:\WINDOWS\system32\locator.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 1860][C:\WINDOWS\system32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\WINDOWS\system32\CNQU86.DLL]  [CANON INC., 1, 0, 2, 3]
[C:\WINDOWS\system32\CNQL3203.DLL]  [, 1, 0, 0, 5]
[PID: 1916][C:\WINDOWS\system32\Tablet.exe]  [Wacom Technology, Corp., 4.91-2]
[PID: 448][C:\WINDOWS\System32\alg.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 396][C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[PID: 812][C:\WINDOWS\zHotkey.exe]  [, 3, 0, 0, 7]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 1144][C:\Program Files\QuickTime\qttask.exe]  [Apple Computer, Inc., 7.1.3]
[PID: 824][C:\Program Files\iTunes\iTunesHelper.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 1736][C:\WINDOWS\SOUNDMAN.EXE]  [Realtek Semiconductor Corp., 1, 0, 0, 17]
[PID: 1524][C:\WINDOWS\ALCWZRD.EXE]  [RealTek Semicoductor Corp., 1.1.0.23]
[PID: 2076][C:\PROGRA~1\SecCopy\SecCopy.exe]  [Centered Systems, 7.0.0.163]
[PID: 2092][C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe]  [Jay Elaraj, 2.0.0.164]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll]  [, 2.0.0.469]
[PID: 2100][C:\Program Files\GPSoftware\Directory Opus\dopus.exe]  [GP Software, 2, 0, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Program Files\GPSoftware\Directory Opus\dopusbch.dll]  [Jan van den Baard, modifications (with permission) by GP Software, 6, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\exif.dll]  [GP Software, 1, 0, 0, 6]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll]  [N/A, N/A]
[C:\WINDOWS\system32\amstream.dll]  [N/A, N/A]
[C:\WINDOWS\system32\quartz.dll]  [N/A, N/A]
[C:\WINDOWS\system32\devenum.dll]  [N/A, N/A]
[C:\WINDOWS\system32\msdmo.dll]  [N/A, N/A]
[C:\Program Files\K-Lite Codec Pack\filters\vsfilter.dll]  [Gabest, 1, 0, 0, 9]
[C:\Program Files\K-Lite Codec Pack\filters\3ivxDSMediaSplitter.ax]  [3ivx.com, 4, 5, 1, 30]
[C:\WINDOWS\system32\OpenQuicktimeLib.dll]  [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcspmpeg.ax]  [MainConcept AG, 1, 0, 1, 3]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mpegin.dll]  [MainConcept AG, official release build]
[C:\WINDOWS\system32\mpg2splt.ax]  [N/A, N/A]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcdsmpeg.ax]  [MainConcept AG, 1, 0, 0, 73]
[C:\Program Files\Sony\Shared Plug-Ins\File Formats\MCMPEG\mcmpgdec.dll]  [MainConcept AG, official release build]
[C:\WINDOWS\system32\dxmasf.dll]  [N/A, N/A]
[C:\Program Files\Common Files\Ahead\DSFilter\NeVideo.ax]  [Ahead Software AG, 2, 0, 1, 0]
[C:\Program Files\Common Files\Ahead\Lib\AdvrCntr.dll]  [Ahead Software AG, 1,0,13, 2121]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\jp2raw.dll]  [http://www.PretentiousName.com, 1, 1, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\movie.dll]  [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\wma.dll]  [GP Software, 1, 0, 0, 3]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\textthumb.dll]  [http://www.PretentiousName.com, 1, 2, 0, 0]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\gifanim.dll]  [http://www.PretentiousName.com, 1, 1, 0, 8]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\ogg.dll]  [http://www.gpsoft.com.au, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\targa.dll]  [GP Software, 1, 0, 0, 4]
[C:\Program Files\GPSoftware\Directory Opus\Viewers\text.dll]  [GP Software, 1, 0, 0, 12]
[PID: 2108][C:\WINDOWS\system32\ctfmon.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2184][C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe]  [Extensis Products Group, 9.2]
[C:\Program Files\Extensis\Suitcase 9.2\EToolBox.dll]  [Extensis, Inc., 1.0.6]
[C:\Program Files\Extensis\Suitcase 9.2\slp.dll]  [N/A, N/A]
[C:\Program Files\Extensis\Suitcase 9.2\SCAfmSup.dll]  [Extensis Products Group, 1, 0, 0, 1]
[C:\Program Files\Extensis\Suitcase 9.2\SCAtmSup.dll]  [Extensis Products Group, 1, 0, 0, 1]
[C:\WINDOWS\system32\ATMLIB.dll]  [Adobe Systems, 5.1 Build 226]
[PID: 2196][C:\WINDOWS\system32\WTablet\TabUserW.exe]  [Wacom Technology, Corp., 4.91-2]
[PID: 2208][C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopHyper.dll]  [Google, 4.2006.1008.2039]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 2220][C:\WINDOWS\System32\svchost.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[PID: 2420][C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\system32\icm32.dll]  [Microsoft Corporation, 5.1.2600.2709 (xpsp_sp2_gdr.050628-1518)]
[PID: 2452][C:\Program Files\iPod\bin\iPodService.exe]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL]  [Apple Computer, Inc., 7.0.2.16]
[C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL]  [Apple Computer, Inc., 7.0.2.16]
[PID: 820][C:\Program Files\Microsoft Office\Office10\WINWORD.EXE]  [Microsoft Corporation, 10.0.2627]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopOffice.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddin.dll]  [TechSmith Corporation, 1.1.0]
[C:\Program Files\TechSmith\SnagIt 8\SnagItOfficeAddinRes.dll]  [TechSmith Corporation, 1.1.0]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 184][C:\Documents and Settings\Owner\Desktop\gmer.exe]  [N/A, 1, 0, 12, 12011]
[C:\WINDOWS\gmer.dll]  [N/A, 1, 0, 12, 12011]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[PID: 3652][C:\WINDOWS\explorer.exe]  [Microsoft Corporation, 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Program Files\Taskbar Shuffle\tbhookin.dll]  [, 2.0.0.469]
[C:\Program Files\SmartFTP\smarthook.dll]  [SmartFTP, 1.0.2.1]
[C:\Program Files\WinSCP3\DragExt.dll]  [Martin Prikryl, 1.1.5.67]
[C:\Program Files\Ashampoo\Ashampoo WinOptimizer Platinum 3\ContextHandler.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\wipext.dll]  [N/A, N/A]
[C:\Program Files\Ace Utilities\WIPE.dll]  [N/A, N/A]
[C:\Program Files\WinRAR\rarext.dll]  [N/A, N/A]
[C:\Program Files\TextPad 4\System\shellext.dll]  [Helios Software Solutions, 1.4]
[C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll]  [TechSmith Corporation, 1.0.2.0]
[C:\Program Files\eFax Messenger 4.0\J2GShell.dll]  [j2 Global Communications, Inc., 4.0.134.0]
[C:\Program Files\eFax Messenger 4.0\J2GRes_Enu.dll]  [j2 Global Communications, Inc., 4.0.134.0]
[PID: 3280][C:\Program Files\Windows NT\Accessories\wordpad.exe]  [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMUI4d.DLL]  [CANON INC., 1.62.2.2]
[C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\CNMDR4d.DLL]  [CANON INC., 1.62.2.2]
[PID: 500][C:\Program Files\Mozilla Firefox\firefox.exe]  [Mozilla Corporation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\js3250.dll]  [Netscape Communications Corporation, 4.0]
[C:\Program Files\Mozilla Firefox\nspr4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\xpcom_core.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\plc4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\plds4.dll]  [Netscape Communications Corporation, 4.6.4]
[C:\Program Files\Mozilla Firefox\smime3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\nss3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\softokn3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\ssl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\Program Files\Mozilla Firefox\xpcom_compat.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]  [Google, 4.2006.1008.2039]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopResources_en.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\myspell.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Mozilla Firefox\components\GoogleDesktopMozilla.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\xpcom.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Program Files\Google\Google Desktop Search\GoogleDesktopAPI2.dll]  [Google, 4.2006.1008.2039]
[C:\Program Files\Mozilla Firefox\components\jar50.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll]  [N/A, N/A]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll]  [N/A, N/A]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}\components\FoxyTunes.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\freebl3.dll]  [Mozilla Foundation, 3.11.4 Basic ECC]
[C:\PROGRA~1\MOZILL~1\nssckbi.dll]  [Mozilla Foundation, 1.62]
[C:\Program Files\Mozilla Firefox\components\spellchk.dll]  [Mozilla Foundation, 1.8.1.1: 2006120418]
[C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\components\ColorZilla.dll]  [N/A, N/A]
[C:\Program Files\Mozilla Firefox\plugins\npmozax.dll]  [, 1, 0, 0, 4]
[C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll]  [N/A, N/A]
[C:\Program Files\Google\Google Desktop Search\gzlib.dll]  [N/A, N/A]
[C:\WINDOWS\HKNTDLL.dll]  [N/A, N/A]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBNS.DLL]  [Creative Technology Ltd, 1.00.13]
[C:\Program Files\Dell\Dell DJ Explorer\CTIntrfc.dll]  [Creative Technology Ltd, 1.1.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\DFMHK.dll]  [Creative Technology Ltd, 1.0.1.0]
[C:\Program Files\Dell\Dell DJ Explorer\CTOJBRES.DLL]  [Creative Technology Ltd, 1.00.11]
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll]  [Adobe Systems, Inc., 7.0.0.0]
[PID: 3100][C:\Documents and Settings\Owner\Desktop\SREng.EXE]  [Smallfrogs Studio, 2.3.13.690]
[C:\Program Files\GPSoftware\Directory Opus\dopuslib.dll]  [GP Software, 2, 0, 60, 0]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   Error. ["C:\Program Files\Macromedia\Dreamweaver MX\Dreamweaver.exe" "%1"]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1   localhost

==================================
API HOOK
N/A

==================================

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
« Reply #17 on: January 09, 2007, 01:16:12 AM »
Can you do the following please
Download AVG Anti-Spyware 7.5
  • Save the installer to desktop
  • Double click the installer, select your language, and then select "OK"
  • Click NEXT>>>Select I Agree>>>NEXT>>>INSTALL
  • AVG will now install and afterwards click FINISH
  • AVG Anti-Spyware 7.5 should now Load
  • Click the Update tab at the top. Under Manual Update click Start update.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner tab at the top
  • Click the "Settings" tab and then change the recommended action under "How to Act" to Quarantine and ensure that "Automatically generate report after every scan" IS selected and "Only if Threats are found" IS NOT selected
CLOSE AVG-Antispyware for now, as we will need it later

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
We'll need this later

Download The Avenger.zip by Swandog46 to your Desktop.

    * Click on Avenger.zip to open the file
    * Extract avenger.exe to your desktop
We'll need this shortly

Print the rest of these instructions, it's important, as much of the instructions will be done without any browser windows open and also in safe mode
LOG OFF any other users on the computer except for yourself

Copy ALL the text contained in blue below to your Clipboard by highlighting it and pressing (Ctrl+C) on your keyboard,

=============================================================
Drivers to unload:
agony

==========================================================================
Now, start The Avenger program by clicking on its icon on your desktop
OK the prompt

    * Under "Script file to execute" choose "Input Script Manually".
    * Now click on the Magnifying Glass icon which will open a new window titled "View/edit script"
    * Paste the text copied to clipboard into this window by pressing (Ctrl+V).
    * Click Done
    * Now click on the Green Light to begin execution of the script
    * Answer "Yes" twice when prompted.

Avenger should now Reboot your computer
Since the script includes "Drivers to unload:"
Your computer will actually reboot twice

Back in Windows
Remain offline, don't open any browser windows
Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
Load AVG Anti-Spyware 7.5
  • Click on the Scanner tab at the top
  • Click on Complete System Scan.
    This scan can take a while to run, let it run uninterrupted
  • When the scan is complete it will list any infections found on the left hand side.
  • Click the Apply all actions button. AVG Anti-Spyware will display "All actions have been applied" on the right hand side.
  • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file (like on the Desktop).
I will need to see this log later


SDFix
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
Post back all the following please
Even if it takes more than one reply to do so

1. Post a fresh hijackthis log
2. Post the whole report from AVG antispyware
3. Post the "Report.txt" from SDFix
4. Post the log from Avenger>>C:\Avenger.txt

Could you also do the following
AVG and SDFix should have taken care of some files>folders
But can I have you run another scan with GMER rootkit scan please
Before you run the scan, can you open your TaskManager and End Process on "thunderbird.exe"
It seemed to make the last log huge :)
Ending its process may help out....
« Last Edit: January 09, 2007, 03:29:41 AM by guestolo »



Offline bradfitz

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
« Reply #18 on: January 09, 2007, 12:39:07 PM »
Thank You.

I just followed all of the above instructions and I will post all requested log files below in separate posts.

Here is my fresh hijackthis log:



Logfile of HijackThis v1.99.1
Scan saved at 12:37:46 PM, on 1/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Tablet.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\zHotkey.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\ALCWZRD.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\SecCopy\SecCopy.exe
C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
C:\Program Files\GPSoftware\Directory Opus\dopus.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Extensis\Suitcase 9.2\Suitcase.exe
C:\WINDOWS\system32\WTablet\TabUserW.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Owner\My Documents\My Work\downloads\Hijack This\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bradfitzpatrick.com/bookmarks/bookmarks.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gatewaybiz.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gatewaybiz.com
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Cleanup] ;
O4 - HKLM\..\Run: [Gateway Extended Warranty] ;
O4 - HKLM\..\Run: [msci] ;
O4 - HKLM\..\Run: [SSC_UserPrompt] ;
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_7 -reboot 1
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [Second Copy] "C:\PROGRA~1\SecCopy\SecCopy.exe"
O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
O4 - HKCU\..\Run: [DOpus] C:\Program Files\GPSoftware\Directory Opus\dopus.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Suitcase Startup.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIC273~1\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A91DEB0D-AD0D-453E-9AC8-60178EC24212} - http://thesecret.tv/movie/player/vivid_ocx.jpeg
O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

Offline bradfitz

« Reply #19 on: January 09, 2007, 12:40:06 PM »
My AVG report:


---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

 + Created at:   12:00:01 PM 1/9/2007

 + Scan result:   



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048587.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048588.exe -> Backdoor.Prorat.19.i : Cleaned with backup (quarantined).
C:\My Downloads 3\registry clean up and tune up tools\RegDoctor v1.63\RegDoctor_keygen.exe -> Logger.Perfloger.o : Cleaned with backup (quarantined).
K:\My Stuff\Software\Huge Video Editing Software Collection\DVD.Lab.1.00.Pro.rar/DVD.Lab.1.00.Pro\Patcher.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Owner\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP330\A0064338.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\agony.sys -> Rootkit.Agony : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winsecurityxp\rk.exe -> Rootkit.Agony : Cleaned with backup (quarantined).
:mozilla.156:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned.
:mozilla.155:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.157:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.158:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.159:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.160:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.161:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.162:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.163:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.164:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.165:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.166:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.167:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.168:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.169:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.170:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.171:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.172:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.173:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.174:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.175:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.176:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.177:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.178:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.179:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.180:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.181:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.182:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.183:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.184:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.185:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.186:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.187:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.188:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.189:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.190:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.191:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.192:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.193:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.194:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.195:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.196:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.197:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.198:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.199:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.200:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.201:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.203:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.204:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.244:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.458:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.588:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@2o7[1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.101:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.147:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.604:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned.
:mozilla.285:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.287:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.288:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.289:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.686:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.687:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.689:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.690:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.691:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.692:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.351:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.352:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.353:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.354:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Cj : Cleaned.
:mozilla.509:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.406:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.369:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned.
:mozilla.99:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.605:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.498:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.500:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.501:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.502:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.232:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.236:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.661:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.215:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.216:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.217:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.311:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.312:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.313:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.641:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.693:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.704:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.242:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned.
:mozilla.245:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Hypertracker : Cleaned.
:mozilla.459:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.460:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.461:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.569:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.570:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.625:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.626:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.106:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.107:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned.
:mozilla.362:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.363:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.364:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.379:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.380:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.381:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.382:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.383:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.208:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.108:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.109:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.112:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.113:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
:mozilla.32:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.33:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.34:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.35:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.36:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.37:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.38:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.39:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.43:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.63:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.64:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.65:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.66:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.67:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.68:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.69:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.70:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.71:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.72:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.73:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.75:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.76:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.77:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.286:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.290:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.291:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.292:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.685:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.688:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned.
:mozilla.697:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.698:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.699:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.700:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.701:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.702:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.703:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.152:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.265:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.220:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.221:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Web-stat : Cleaned.
:mozilla.527:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.528:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.660:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.258:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.259:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.260:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.261:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.314:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.315:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.316:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.317:C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\ygl5nnqq.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP265\A0048586.exe -> Worm.VB.an : Cleaned with backup (quarantined).
K:\My Stuff\Software\Ace Utilities 3.0.0.4038.zip/Setup.exe -> Worm.VB.an : Cleaned with backup (quarantined).


::Report end