
Infected With Lineage-419 Trojan


  • This topic is locked
11 replies to this topic

#1 Sydney2K

Sydney2K


Posted 07 January 2007 - 04:59 AM

I found that I hadn't updated my virus checker (Avast!; because I had forgotten to re-register), so I updated it. In running the program it did a memory check and said it found the following problem:

c:\windows\system32\dllms.dll\[NsPack]
Win32:Lineage-419[Trj]
0652-6,01/12/2006

I tried to delete it but after rebooting I found the trojan was still there. Doing a Google search on "dllms.dll" I found this forum so I am posting this to get assistance in removing the trojan. I've done a preliminary check with Ad-Aware and Spybot and deleted any other remaining problems. I've run HijackThis and found the following:

Logfile of HijackThis v1.99.1
Scan saved at 5:23:36 PM, on 7/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
E:\My Programs\Security\Avast4\aswUpdSv.exe
E:\My Programs\Security\Avast4\ashServ.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
E:\My Programs\Disk\Nero Express\InCD\InCD.exe
E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe
E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe
E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
C:\Program Files\Microsoft\svhost32.exe
C:\WINDOWS\system32\ctfmon.exe
E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe
E:\My Programs\Audio\Creative MediaSource\RemoteControl\RCMan.EXE
E:\MYPROG~2\UTILIT~1\FASTDE~1\FAST2.EXE
E:\My Programs\Utilities\Labtec Mouse 2.1\MOUSE32A.EXE
E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe
E:\My Programs\ubSpawn.exe
C:\WINDOWS\twain_32\C6U14K\WATCH.exe
C:\WINDOWS\system32\wuauclt.exe
E:\My Programs\Security\Avast4\ashMaiSv.exe
E:\My Programs\Security\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
E:\Old\Program Files\1-Small\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file:///F:/My%20Documents/html/links.html
O1 - Hosts: 127.255.255.255 www.getright.com
O1 - Hosts: 127.255.255.255 pro.getright.com
O1 - Hosts: 127.255.255.255 www.headlightinc.com
O2 - BHO: PixGrabber Helper - {0FD387DF-5E13-4EAB-BB19-A1F4C2D0B325} - E:\My Programs\Internet\PixGrabber Free\PxGIEPlugins.dll
O2 - BHO: GigagetIEHelper - {111CAA23-6F4F-42AC-8555-B48C1D87BBAB} - C:\WINDOWS\system32\gigagetbho_v10.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\My Programs\Internet\GetRight 6.0\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\My Programs\Security\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - E:\My Programs\Internet\Free Download Manager\iefdmcks.dll
O3 - Toolbar: PixGrabber Links Bar - {4A360645-F363-416A-A7A3-54E4804F90ED} - E:\MYPROG~2\Internet\PIXGRA~1\PxGIEGUI.dll
O3 - Toolbar: PixGrabber Bar - {9377C91E-EB13-4AF4-9B45-42BE835BB548} - E:\MYPROG~2\Internet\PIXGRA~1\PxGIEGUI.dll
O3 - Toolbar: &Paessler Site Inspector 4 Toolbar - {EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} - E:\MYPROG~2\Internet\PAESSL~1\PSITOO~1.DLL
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] E:\My Programs\Disk\Nero Express\InCD\InCD.exe
O4 - HKLM\..\Run: [LWBKEYBOARD] E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe
O4 - HKLM\..\Run: [FLMOFFICE4DMOUSE] E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe
O4 - HKLM\..\Run: [CTSysVol] E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ms] C:\Program Files\Microsoft\svhost32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RemoteCenter] E:\My Programs\Audio\Creative MediaSource\RemoteControl\RCMan.EXE
O4 - HKCU\..\Run: [FAST Defrag] E:\MYPROG~2\UTILIT~1\FASTDE~1\FAST2.EXE -tray
O4 - Global Startup: Microsoft Office.lnk = E:\My Programs\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Shortcut to fwsrv.lnk = E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe
O4 - Global Startup: Shortcut to ubSpawn.lnk = E:\My Programs\ubSpawn.exe
O4 - Global Startup: Watch.lnk = C:\WINDOWS\twain_32\C6U14K\WATCH.exe
O8 - Extra context menu item: &Download All by Gigaget - E:\My Programs\Internet\Gigaget\getallurl.htm
O8 - Extra context menu item: &Download by Gigaget - E:\My Programs\Internet\Gigaget\geturl.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://E:\My Programs\Internet\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://E:\My Programs\Internet\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://E:\My Programs\Internet\Free Download Manager\dllink.htm
O8 - Extra context menu item: Download with GetRight Pro - E:\My Programs\Internet\GetRight 6.0\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Pro Browser - E:\My Programs\Internet\GetRight 6.0\GRbrowse.htm
O8 - Extra context menu item: PSI: Copy Image as HTML Tag - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-tag
O8 - Extra context menu item: PSI: Copy Image URL - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/copy-img-src
O8 - Extra context menu item: PSI: Copy Link as HTML Tag - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/copy-a-tag
O8 - Extra context menu item: PSI: Copy Meister - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/copymeister
O8 - Extra context menu item: PSI: Open Frame In New Window - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-new-window
O8 - Extra context menu item: PSI: Open Frame In This Window - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/open-frame-in-this-window
O8 - Extra context menu item: PSI: Open Selected Text as URL in New Window - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/open-selection
O8 - Extra context menu item: PSI: Show All Forms - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/forms
O8 - Extra context menu item: PSI: Show All Images - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/images
O8 - Extra context menu item: PSI: Show All Links - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/links
O8 - Extra context menu item: PSI: Show All Scripts - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/scripts
O8 - Extra context menu item: PSI: Show All Stylesheets - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/styles
O8 - Extra context menu item: PSI: Show HTTP Header - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/headers
O8 - Extra context menu item: PSI: Show Source - res://E:\My Programs\Internet\Paessler Site Inspector 4\PSIToolbar.dll/source
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C36A5E3C-5E68-41F9-A450-32A75D85C672}: NameServer = 203.12.160.35,203.12.160.36
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\My Programs\Security\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\My Programs\Security\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\My Programs\Security\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\My Programs\Security\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: InCD Helper (InCDsrv) - Nero AG - E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe

--

I also did a second check with Kaspersky online virus checker and found the following:

C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0RZZQKXP\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\0RZZQKXP\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\4P6BKHQ3\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\690LCJK1\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KLY3CPAN\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\KLY3CPAN\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\OQTUBUID\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\TX6O0Y3F\index[9].htm Infected: Trojan-Downloader.JS.Psyme.ce skipped
C:\DOCUME~1\Widya\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\TX6O0Y3F\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped

I've gone in and deleted the files, and then as per instructions in your preparation guide I have run cleanmgr and removed the advised files.

I would appreciate assistance in finally removing this trojan.

Thanks.



#2 OldTimer

OldTimer

    Malware Expert



Posted 07 January 2007 - 10:58 AM

Hello Sydney2K and welcome to the BC HijackThis forum. Let's see what else we can find.

Download WinPFind3U.exe to your Desktop and double-click on it to extract the files. It will create a folder named WinPFind3u on your desktop.
  • Open the WinPFind3u folder and double-click on WinPFind3U.exe to start the program.
    • In the Files Created Within group click 30 days
    • In the Files Modified Within group select 30 days
    • In the File String Search group select Non-Microsoft
  • Now click the Run Scan button on the toolbar.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.
Use the Add Reply button and Copy/Paste the information back here. I will review it when it comes in. If, after posting, the last line is not < End of Report > then the log is too big to fit into a single post and you will need to split it into multiple posts.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#3 Sydney2K

Sydney2K
  • Topic Starter


Posted 08 January 2007 - 02:37 AM

WinPFind3 logfile created on: 8/01/2007 6:21:32 AM
WinPFind3U by OldTimer - Version 1.0.9 Folder = I:\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1048096 Kb Total Physical Memory | 673012 Kb Available Physical Memory | 64.21% Memory free
3305644 Kb Paging File | 3029484 Kb Available in Paging File | 91.65% Paging File free
Paging file location(s): D:\pagefile.sys 766 766;

%SystemDrive% = C: | %ProgramFiles% = C:\Program Files
Drive C: | 12289692 Kb Total Space | 6497376 Kb Free Space | 52.87% Space Free
Drive D: | 5140768 Kb Total Space | 4353660 Kb Free Space | 84.69% Space Free
Drive E: | 51199152 Kb Total Space | 33995724 Kb Free Space | 66.40% Space Free
Drive F: | 51199152 Kb Total Space | 22602784 Kb Free Space | 44.15% Space Free


[Processes - Non-Microsoft Only]
ashmaisv.exe -> E:\My Programs\Security\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 251520 bytes | Modified Date = 26/09/2006 2:41:44 AM | Attr = ]
ashserv.exe -> E:\My Programs\Security\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 26/09/2006 2:42:02 AM | Attr = ]
ashwebsv.exe -> E:\My Programs\Security\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 370304 bytes | Modified Date = 26/09/2006 2:41:34 AM | Attr = ]
aswupdsv.exe -> E:\My Programs\Security\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 26/09/2006 2:32:08 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
ctdvddet.exe -> E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 2:00:00 AM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/01/2005 11:58:06 PM | Attr = ]
ctsysvol.exe -> E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 17/09/2003 11:43:36 AM | Attr = ]
fast2.exe -> E:\My Programs\Utilities\FAST Defrag\FAST2.EXE -> AMS Software [Ver = 2.03 | Size = 58880 bytes | Modified Date = 31/12/2003 1:00:00 PM | Attr = ]
fwsrv.exe -> E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe -> Jetico, Inc. [Ver = 1.0.1.61 | Size = 118784 bytes | Modified Date = 19/07/2005 5:22:14 PM | Attr = ]
incd.exe -> E:\My Programs\Disk\Nero Express\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 1397760 bytes | Modified Date = 11/06/2005 1:20:06 AM | Attr = ]
incdsrv.exe -> E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 869888 bytes | Modified Date = 10/06/2005 6:19:38 PM | Attr = ]
kbdap32a.exe -> E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe -> [Ver = 3.9.2.1 | Size = 387584 bytes | Modified Date = 28/01/2005 9:23:24 PM | Attr = ]
moffice.exe -> E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe -> [Ver = 1, 0, 0, 1 | Size = 802816 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
mouse32a.exe -> E:\My Programs\Utilities\Labtec Mouse 2.1\mouse32a.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
pdexplo.exe -> E:\My Programs\File\PowerDesk\PDExplo.exe -> Avanquest Publishing USA, Inc. [Ver = 6.0.1.3 | Size = 2142208 bytes | Modified Date = 12/10/2005 6:20:54 PM | Attr = ]
rcman.exe -> E:\My Programs\Audio\Creative MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.1.0.2 | Size = 139264 bytes | Modified Date = 8/10/2003 5:35:42 PM | Attr = ]
sleipnir.exe -> E:\My Programs\Internet\sleipnir166\Sleipnir.exe -> BCGSoft Ltd [Ver = 5, 7, 0, 0 | Size = 589312 bytes | Modified Date = 28/08/2004 1:32:14 PM | Attr = ]
svhost32.exe -> %ProgramFiles%\Microsoft\svhost32.exe -> [Ver = | Size = 41963 bytes | Modified Date = 17/12/2006 7:04:12 PM | Attr = ]
teatimer.exe -> E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
ubspawn.exe -> E:\My Programs\ubSpawn.exe -> United Bytes [Ver = 0.5.5.0 | Size = 716800 bytes | Modified Date = 2/09/2006 9:39:44 PM | Attr = ]
watch.exe -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 9/07/2001 3:38:10 PM | Attr = ]
winpfind3u.exe -> I:\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.9.0 | Size = 306176 bytes | Modified Date = 6/01/2007 2:14:24 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> E:\My Programs\Security\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 26/09/2006 2:32:08 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0013 | Size = 114688 bytes | Modified Date = 12/09/2003 10:10:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> E:\My Programs\Security\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 26/09/2006 2:42:02 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> E:\My Programs\Security\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 251520 bytes | Modified Date = 26/09/2006 2:41:44 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> E:\My Programs\Security\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 370304 bytes | Modified Date = 26/09/2006 2:41:34 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/01/2005 11:58:06 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 13/08/2004 12:18:40 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 869888 bytes | Modified Date = 10/06/2005 6:19:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
CTDVDDET -> E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 2:00:00 AM | Attr = ]
CTSysVol -> E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 17/09/2003 11:43:36 AM | Attr = ]
FLMOFFICE4DMOUSE -> E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe -> [Ver = 1, 0, 0, 1 | Size = 802816 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
InCD -> E:\My Programs\Disk\Nero Express\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 1397760 bytes | Modified Date = 11/06/2005 1:20:06 AM | Attr = ]
KernelFaultCheck -> -> File not found
LWBKEYBOARD -> E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe -> [Ver = 3.9.2.1 | Size = 387584 bytes | Modified Date = 28/01/2005 9:23:24 PM | Attr = ]
ms -> %ProgramFiles%\Microsoft\svhost32.exe -> [Ver = | Size = 41963 bytes | Modified Date = 17/12/2006 7:04:12 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 12:50:42 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
ATI Launchpad -> -> File not found
FAST Defrag -> E:\My Programs\Utilities\FAST Defrag\FAST2.EXE -> AMS Software [Ver = 2.03 | Size = 58880 bytes | Modified Date = 31/12/2003 1:00:00 PM | Attr = ]
RemoteCenter -> E:\My Programs\Audio\Creative MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.1.0.2 | Size = 139264 bytes | Modified Date = 8/10/2003 5:35:42 PM | Attr = ]
SpybotSD TeaTimer -> E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Shortcut to fwsrv.lnk -> E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe -> Jetico, Inc. [Ver = 1.0.1.61 | Size = 118784 bytes | Modified Date = 19/07/2005 5:22:14 PM | Attr = ]
%AllUsersStartup%\Shortcut to ubSpawn.lnk -> E:\My Programs\ubSpawn.exe -> United Bytes [Ver = 0.5.5.0 | Size = 716800 bytes | Modified Date = 2/09/2006 9:39:44 PM | Attr = ]
%AllUsersStartup%\Watch.lnk -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 9/07/2001 3:38:10 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^Widya^Start Menu^Programs^Startup^Ativa Net Meter 4.lnk -> E:\Old\Program Files\1-Internet\Ativa Net Meter\Ativa.exe -> Software Solutions [Ver = 4.2.0.0 | Size = 1149952 bytes | Modified Date = 9/04/2003 9:55:50 PM | Attr = ]
C:^Documents and Settings^Widya^Start Menu^Programs^Startup^Bandwidth Meter.lnk -> E:\MYPROG~2\Internet\BANDWI~1\BANDWI~1.EXE -> File not found
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
WinFast Schedule -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe -> File not found
WinFastDTV -> %ProgramFiles%\WinFast\WFDTV\DTVSchdl.exe -> File not found
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
127.255.255.255 www.getright.com -> ->
127.255.255.255 pro.getright.com -> ->
127.255.255.255 www.headlightinc.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> file:///F:/My%20Documents/html/links.html ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0FD387DF-5E13-4EAB-BB19-A1F4C2D0B325} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEPlugins.dll [PixGrabberBHO Class] -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 84480 bytes | Modified Date = 13/09/2004 3:13:50 AM | Attr = ]
{111CAA23-6F4F-42AC-8555-B48C1D87BBAB} [HKLM] -> %System32%\gigagetbho_v10.dll [GigagetIEHelper Class] -> Giganology Inc. [Ver = 4, 6, 0, 48 | Size = 86016 bytes | Modified Date = 9/01/2006 4:01:08 PM | Attr = ]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> E:\My Programs\Internet\GetRight 6.0\xx2gr.dll [bho2gr Class] -> Headlight Software, Inc. [Ver = 6.0c | Size = 237568 bytes | Modified Date = 11/09/2006 6:37:48 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\My Programs\Security\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> E:\My Programs\Internet\Free Download Manager\iefdmcks.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 81920 bytes | Modified Date = 20/08/2006 8:55:00 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4A360645-F363-416A-A7A3-54E4804F90ED} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Links Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
{9377C91E-EB13-4AF4-9B45-42BE835BB548} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
{EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} [HKLM] -> E:\My Programs\Internet\Paessler Site Inspector 4\PsiToolbar.dll [&Paessler Site Inspector 4 Toolbar] -> Paessler GmbH [Ver = 4.1.0.724 | Size = 4489216 bytes | Modified Date = 6/04/2006 10:38:18 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4A360645-F363-416A-A7A3-54E4804F90ED} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Links Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
WebBrowser\\{9377C91E-EB13-4AF4-9B45-42BE835BB548} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8193 ->
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Download All by Gigaget -> E:\My Programs\Internet\Gigaget\getallurl.htm -> [Ver = | Size = 886 bytes | Modified Date = 30/12/2005 12:32:54 PM | Attr = ]
&Download by Gigaget -> E:\My Programs\Internet\Gigaget\geturl.htm -> [Ver = | Size = 2239 bytes | Modified Date = 30/12/2005 7:28:14 PM | Attr = ]
Download all with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dlall.htm -> [Ver = | Size = 879 bytes | Modified Date = 5/07/2006 7:23:58 PM | Attr = ]
Download selected with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dlselected.htm -> [Ver = | Size = 449 bytes | Modified Date = 18/05/2006 8:45:38 PM | Attr = ]
Download with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dllink.htm -> [Ver = | Size = 1058 bytes | Modified Date = 5/07/2006 7:20:08 PM | Attr = ]
Download with GetRight Pro -> E:\My Programs\Internet\GetRight 6.0\GRdownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 29/03/2006 4:35:14 PM | Attr = ]
Open with GetRight Pro Browser -> E:\My Programs\Internet\GetRight 6.0\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 29/03/2006 4:35:14 PM | Attr = ]
PSI: Copy Image as HTML Tag -> -> File not found
PSI: Copy Image URL -> -> File not found
PSI: Copy Link as HTML Tag -> -> File not found
PSI: Copy Meister -> -> File not found
PSI: Open Frame In New Window -> -> File not found
PSI: Open Frame In This Window -> -> File not found
PSI: Open Selected Text as URL in New Window -> -> File not found
PSI: Show All Forms -> -> File not found
PSI: Show All Images -> -> File not found
PSI: Show All Links -> -> File not found
PSI: Show All Scripts -> -> File not found
PSI: Show All Stylesheets -> -> File not found
PSI: Show HTTP Header -> -> File not found
PSI: Show Source -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> E:\My Programs\Video\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 26/02/2006 4:50:46 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 13/08/2004 12:19:44 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> E:\My Programs\Disk\Nero Express\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 16, 1 | Size = 103424 bytes | Modified Date = 10/06/2005 6:20:36 PM | Attr = ]
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} [HKLM] -> Reg Data - Key not found [Haali Matroska Thumbnail Exctractor] -> File not found
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561209 bytes | Modified Date = 19/05/2001 11:57:40 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{26E7F081-EB97-11d3-9239-006008D2D00F} [HKLM] -> E:\My Programs\File\PowerDesk\PDShExt.dll [PowerDesk Menu] -> Avanquest Publishing USA, Inc. [Ver = 6.0.1.2 | Size = 241664 bytes | Modified Date = 4/10/2005 2:08:52 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{26E7F081-EB97-11d3-9239-006008D2D00F} [HKLM] -> E:\My Programs\File\PowerDesk\PDShExt.dll [PowerDesk Menu] -> Avanquest Publishing USA, Inc. [Ver = 6.0.1.2 | Size = 241664 bytes | Modified Date = 4/10/2005 2:08:52 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> E:\My Programs\Disk\Nero Express\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 16, 1 | Size = 103424 bytes | Modified Date = 10/06/2005 6:20:36 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{54F51408-DD44-4a12-82EF-519AD2A80DE9} [HKLM] -> E:\My Programs\Video\ATI Multimedia\mlibrary\MLShell.dll [Library] -> ATI Technologies Inc. [Ver = 8.6.000 | Size = 57344 bytes | Modified Date = 2/09/2003 6:13:32 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> E:\My Programs\Video\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 26/02/2006 4:50:46 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{13F349CF-6BE0-413B-BB67-5CB6AA204678} -> () ->
{487BD4E6-982C-4170-A324-04F3DE9923AB} -> () ->
{5F94E7B1-EF35-433D-8109-3EE9EB0B634A} -> () ->
{C073E8A1-9154-45A8-A283-7DEFFD6EA427} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{C36A5E3C-5E68-41F9-A450-32A75D85C672} -> 203.12.160.35,203.12.160.36 (Dynalink USB ADSL LAN Modem) ->
{E97A58EF-2C08-4A6F-9F6C-3AA25580DDAC} -> (1394 Net Adapter) ->
{EF9766A3-D6EC-4B5C-842D-548EF8605277} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files - Created Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = HS]
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1235 | Size = 57344 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 7.0.100.1032 | Size = 5632 bytes | Created Date = 16/12/2006 6:30:06 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1234 | Size = 163972 bytes | Created Date = 16/12/2006 6:30:03 PM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1242 | Size = 696320 bytes | Created Date = 16/12/2006 6:30:06 PM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1235 | Size = 237568 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1236 | Size = 155648 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\setup.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 282756 bytes | Created Date = 16/12/2006 6:30:01 PM | Attr = ]
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69714 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.0.0.28844 | Size = 5632 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Created Date = 27/12/2006 6:05:25 PM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 753664 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 274432 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 184320 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Created Date = 27/12/2006 6:05:22 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 31/12/2006 8:37:20 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 31/12/2006 8:37:20 AM | Attr = H ]
Ui.INI -> %SystemRoot%\Ui.INI -> [Ver = | Size = 0 bytes | Created Date = 12/12/2006 5:13:13 PM | Attr = ]
A255_R35.bpl -> %System32%\A255_R35.bpl -> TurboPower Software Company [Ver = 2.55.0.0 | Size = 906512 bytes | Created Date = 12/12/2006 5:09:20 PM | Attr = ]
A258_R35.bpl -> %System32%\A258_R35.bpl -> TurboPower Software Company [Ver = 2.58.0.0 | Size = 913616 bytes | Created Date = 12/12/2006 5:09:20 PM | Attr = ]
Borlndmm.dll -> %System32%\Borlndmm.dll -> Borland International [Ver = 3.0.3.70 | Size = 29952 bytes | Created Date = 12/12/2006 5:09:21 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 4/01/2007 6:35:40 PM | Attr = ]
Cp3240mt.dll -> %System32%\Cp3240mt.dll -> Borland International [Ver = 4.0 | Size = 996872 bytes | Created Date = 12/12/2006 5:09:21 PM | Attr = ]
dllms.dll -> %System32%\dllms.dll -> [Ver = | Size = 24914 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = ]
Lfbmp10n.dll -> %System32%\Lfbmp10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.013 | Size = 34304 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Lfcal10n.dll -> %System32%\Lfcal10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 27136 bytes | Created Date = 12/12/2006 5:09:26 PM | Attr = ]
Lfcmp10n.dll -> %System32%\Lfcmp10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.013 | Size = 266752 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Lfdic10n.dll -> %System32%\Lfdic10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 240640 bytes | Created Date = 12/12/2006 5:09:26 PM | Attr = ]
Lffax10n.dll -> %System32%\Lffax10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 77824 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Lfimg10n.dll -> %System32%\Lfimg10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 27136 bytes | Created Date = 12/12/2006 5:09:26 PM | Attr = ]
Lflma10n.dll -> %System32%\Lflma10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 35840 bytes | Created Date = 12/12/2006 5:09:25 PM | Attr = ]
Lflmb10n.dll -> %System32%\Lflmb10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 31232 bytes | Created Date = 12/12/2006 5:09:25 PM | Attr = ]
Lfmac10n.dll -> %System32%\Lfmac10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 25600 bytes | Created Date = 12/12/2006 5:09:26 PM | Attr = ]
Lfpct10n.dll -> %System32%\Lfpct10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 31232 bytes | Created Date = 12/12/2006 5:09:26 PM | Attr = ]
Lfpcx10n.dll -> %System32%\Lfpcx10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 33280 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Lftif10n.dll -> %System32%\Lftif10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.013 | Size = 122368 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Lfwmf10n.dll -> %System32%\Lfwmf10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 28160 bytes | Created Date = 12/12/2006 5:09:25 PM | Attr = ]
Ltdis10n.dll -> %System32%\Ltdis10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 228864 bytes | Created Date = 12/12/2006 5:09:25 PM | Attr = ]
Ltfil10n.dll -> %System32%\Ltfil10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.013 | Size = 103424 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Ltimg10n.dll -> %System32%\Ltimg10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.009 | Size = 117760 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Ltkrn10n.dll -> %System32%\Ltkrn10n.dll -> LEAD Technologies, Inc. [Ver = 10.0.0.013 | Size = 297472 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
Ltwrp10n.dll -> %System32%\Ltwrp10n.dll -> LEAD Technologies, Inc. [Ver = 1, 0, 0, 1 | Size = 600576 bytes | Created Date = 12/12/2006 5:09:24 PM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Created Date = 30/12/2006 6:46:04 AM | Attr = ]
P1usd.dll -> %System32%\P1usd.dll -> [Ver = 1, 0, 0, 0 | Size = 188416 bytes | Created Date = 12/12/2006 5:08:46 PM | Attr = ]
ParaSaver.scr -> %System32%\ParaSaver.scr -> [Ver = 1, 0, 0, 1 | Size = 135168 bytes | Created Date = 12/12/2006 5:08:41 PM | Attr = ]
PuzzSaver.scr -> %System32%\PuzzSaver.scr -> BearPaw [Ver = 1, 0, 0, 0 | Size = 176128 bytes | Created Date = 12/12/2006 5:08:41 PM | Attr = ]
SpotSaver.scr -> %System32%\SpotSaver.scr -> BearPaw [Ver = 1, 0, 0, 0 | Size = 172032 bytes | Created Date = 12/12/2006 5:08:41 PM | Attr = ]
VCL35.BPL -> %System32%\VCL35.BPL -> Borland International [Ver = 3.0.3.70 | Size = 1455736 bytes | Created Date = 12/12/2006 5:09:20 PM | Attr = ]
vclx35.bpl -> %System32%\vclx35.bpl -> Borland International [Ver = 3.0.3.70 | Size = 245912 bytes | Created Date = 12/12/2006 5:09:20 PM | Attr = ]
wfdbbda.sys -> %System32%\drivers\wfdbbda.sys -> Leadtek [Ver = 5.13.11.805 | Size = 29952 bytes | Created Date = 16/12/2006 6:12:04 PM | Attr = ]
wfdbload.sys -> %System32%\drivers\wfdbload.sys -> Leadtek [Ver = 5.13.11.805 | Size = 18560 bytes | Created Date = 16/12/2006 6:11:22 PM | Attr = R ]

[Files - Modified Wihin 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Modified Date = 7/01/2007 5:20:54 PM | Attr = HS]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1234 | Size = 163972 bytes | Modified Date = 16/12/2006 7:30:04 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\setup.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 282756 bytes | Modified Date = 16/12/2006 7:30:02 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Modified Date = 27/12/2006 7:05:26 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Modified Date = 27/12/2006 7:05:24 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 7/01/2007 5:20:56 PM | Attr = S]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 7/01/2007 7:27:00 PM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 478 bytes | Modified Date = 28/12/2006 10:17:08 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 31/12/2006 9:37:22 AM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 31/12/2006 9:37:22 AM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = ]
UEDIT32.INI -> %SystemRoot%\UEDIT32.INI -> [Ver = | Size = 5882 bytes | Modified Date = 4/01/2007 11:57:54 PM | Attr = ]
Ui.INI -> %SystemRoot%\Ui.INI -> [Ver = | Size = 0 bytes | Modified Date = 12/12/2006 6:13:14 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1142 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 16/12/2006 7:35:10 PM | Attr = ]
{00000000-00000000-00000008-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000000-00000000-00000008-00001102-00000004-20021102}.CDF -> [Ver = | Size = 4935514 bytes | Modified Date = 7/01/2007 5:21:20 PM | Attr = ]
BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
BMXState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32592 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32592 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 4/01/2007 7:35:42 PM | Attr = ]
dllms.dll -> %System32%\dllms.dll -> [Ver = | Size = 24914 bytes | Modified Date = 7/01/2007 5:21:10 PM | Attr = ]
DVCState-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> %System32%\DVCState-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
DVCStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
ewmpegco.dll -> %System32%\ewmpegco.dll -> [Ver = | Size = 1024000 bytes | Modified Date = 27/12/2006 8:18:04 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 184224 bytes | Modified Date = 30/12/2006 5:23:52 PM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Modified Date = 5/01/2007 9:49:10 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 7/01/2007 5:13:38 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 7/01/2007 7:05:12 AM | Attr = ]

[File String Scan - Non-Microsoft Only]
UPX! , UPX0 , -> %SystemDrive%\t.inx -> [Ver = | Size = 7755 bytes | Modified Date = 5/11/2006 12:00:26 AM | Attr = ]
Thawte Consulting , -> %CommonProgramFiles%\ACD Systems\EN\ipwssl5.dll -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.852 | Size = 321672 bytes | Modified Date = 26/08/2002 4:05:42 PM | Attr = R ]
UPX! , UPX0 , -> %CommonProgramFiles%\SoftInform\Plugins\ISSheaf.dll -> [Ver = | Size = 94208 bytes | Modified Date = 24/02/2004 12:19:34 AM | Attr = ]
UPX! , FSG! , PEC2 , PECompact2 , qoologic , aspack , PTech , ad-beh , SAHAgent , buddy.exe , aurora.exe , web-nex , winsync , UPX0 , Thawte Consulting , USERTRUST , -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 536477696 bytes | Modified Date = 19/11/2006 2:08:48 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 892, 0 | Size = 666240 bytes | Modified Date = 26/09/2006 2:45:08 AM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 8/10/2005 4:14:52 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 13/08/2004 12:18:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 13/08/2004 12:32:46 AM | Attr = ]
Thawte Consulting , -> %System32%\XCEEDZIP.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.1.5062.0 | Size = 456536 bytes | Modified Date = 12/01/2005 11:19:46 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 13/08/2004 12:20:52 AM | Attr = ]

< End of report >

#4 OldTimer

Posted 08 January 2007 - 05:40 AM

Hi Sydney2K. Ok, let's get started. First, please print these directions so they will be available to you (we will be rebooting into Safe Mode during the fix).

Next, please follow the steps below in order:

Step #1

Download ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
If you use Firefox browser, do this also:
  • Click Firefox at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, do this also:
  • Click Opera at the top and choose Select All from the list.
  • Click the Empty Selected button.
  • NOTE : If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Step #2

Download AVG anti-spyware from HERE and save that file to your desktop.
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen, under "How to act" select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close AVG Anti-Spyware. Do not run a scan just yet; we will shortly.

Step #3

Now start WinPFind3U. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

[Kill Explorer]
[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> ms -> %ProgramFiles%\Microsoft\svhost32.exe
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
YN -> C:^Documents and Settings^Widya^Start Menu^Programs^Startup^Bandwidth Meter.lnk -> E:\MYPROG~2\Internet\BANDWI~1\BANDWI~1.EXE
[Files - Created Wihin 30 days]
NY -> dllms.dll -> %System32%\dllms.dll
[Files - Modified Wihin 30 days]
NY -> dllms.dll -> %System32%\dllms.dll
[File String Scan - Non-Microsoft Only]
NY -> UPX! , FSG! , PEC2 , PECompact2 , qoologic , aspack , PTech , ad-beh , SAHAgent , buddy.exe , aurora.exe , web-nex , winsync , UPX0 , Thawte Consulting , USERTRUST , -> %SystemRoot%\MEMORY.DMP
[Reboot]


The fix should only take a very short time and then you will be asked if you want to reboot. Choose Yes.

Reboot into Safe Mode by doing the following:
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.

Step #4

Launch AVG Anti-Spyware by double-clicking the icon on your desktop.

IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, as it may interfere with the scanning process:
  • Select the "Scanner" icon at the top and then the "Scan" tab, then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process. Be patient, as this may take a little time.
    Once the scan is complete do the following:
    • Make sure that Set all elements to: shows Quarantine; if not, click on the link and choose Quarantine from the popup menu.
    • At the bottom of the window click on the "Apply all actions" button
    Note: Don't save the report before you hit the Apply action button.
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post the results of the AVG Anti-Spyware report scan.

Step #5

Post the following back here:
  • a new WinPFind3U report
  • the AVG Anti-Spyware report
  • the latest .log file from the WinPFind3u folder (it will be a .log file and have a date_time name in the format mmddyyyy_hhmmss.log)
I will review the information when it comes back in.

Also let me know of any problems you encountered performing the steps above or any continuing problems you are still having with the computer.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
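
A triage sketch over the WinPFind3U report format posted earlier in this thread, added here as an example: it is not OldTimer's code and does not describe how WinPFind3U or the fix above was produced. The function names and the three heuristics are assumptions; the sample lines are excerpted from the report in this thread.

```python
import re
from collections import namedtuple

# Lines excerpted from the WinPFind3U report posted in this thread.
# "Wihin" is the tool's own spelling of the section name.
SAMPLE_REPORT = r"""
[Files - Created Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = HS]
Borlndmm.dll -> %System32%\Borlndmm.dll -> Borland International [Ver = 3.0.3.70 | Size = 29952 bytes | Created Date = 12/12/2006 5:09:21 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 4/01/2007 6:35:40 PM | Attr = ]
dllms.dll -> %System32%\dllms.dll -> [Ver = | Size = 24914 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Created Date = 30/12/2006 6:46:04 AM | Attr = ]
P1usd.dll -> %System32%\P1usd.dll -> [Ver = 1, 0, 0, 0 | Size = 188416 bytes | Created Date = 12/12/2006 5:08:46 PM | Attr = ]
[Files - Modified Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Modified Date = 7/01/2007 5:20:54 PM | Attr = HS]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 4/01/2007 7:35:42 PM | Attr = ]
dllms.dll -> %System32%\dllms.dll -> [Ver = | Size = 24914 bytes | Modified Date = 7/01/2007 5:21:10 PM | Attr = ]
ewmpegco.dll -> %System32%\ewmpegco.dll -> [Ver = | Size = 1024000 bytes | Modified Date = 27/12/2006 8:18:04 AM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Modified Date = 5/01/2007 9:49:10 PM | Attr = ]
"""

Entry = namedtuple("Entry", "section name path vendor version size date_kind year attr")
Finding = namedtuple("Finding", "name path score reasons")

# name -> path -> vendor [Ver = v | Size = n bytes | Created|Modified Date = d/m/y time | Attr = a]
LINE_RE = re.compile(
    r"^(?P<name>.+?)\s*->\s*(?P<path>.+?)\s*->\s*(?P<vendor>.*?)\s*"
    r"\[Ver =\s*(?P<ver>.*?)\s*\|\s*Size = (?P<size>\d+) bytes\s*\|\s*"
    r"(?P<kind>Created|Modified) Date = \d{1,2}/\d{1,2}/(?P<year>\d{4}) [^|]*"
    r"\|\s*Attr =\s*(?P<attr>.*?)\s*\]$"
)

EXECUTABLE_EXT = (".dll", ".exe", ".sys", ".scr")


def parse_report(text):
    """Return one Entry per file line, tagged with the [section] it sits in."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        m = LINE_RE.match(line)
        if m:
            entries.append(Entry(section, m["name"], m["path"], m["vendor"],
                                 m["ver"], int(m["size"]), m["kind"],
                                 int(m["year"]), m["attr"]))
    return entries


def triage(entries):
    """Rank %System32% executables that carry no vendor or version data.

    Assumed heuristics (candidates for review, not verdicts):
      1. no vendor and no version resource
      2. listed as both created and modified inside the 30-day window
      3. creation date in 1601, the start of the Windows FILETIME range
    """
    groups = {}
    for e in entries:
        groups.setdefault(e.path.lower(), []).append(e)

    findings = []
    for path, group in groups.items():
        head = group[0]
        if not (path.startswith("%system32%\\") and path.endswith(EXECUTABLE_EXT)):
            continue
        if head.vendor or head.version:
            continue
        reasons = ["no vendor or version resource"]
        if {e.date_kind for e in group} == {"Created", "Modified"}:
            reasons.append("created and modified inside the 30-day window")
        if any(e.date_kind == "Created" and e.year == 1601 for e in group):
            reasons.append("creation date in 1601")
        findings.append(Finding(head.name, head.path, len(reasons), reasons))
    return sorted(findings, key=lambda f: (-f.score, f.name.lower()))


if __name__ == "__main__":
    for f in triage(parse_report(SAMPLE_REPORT)):
        print(f"{f.score}  {f.path}  ({'; '.join(f.reasons)})")
```

On these lines dllms.dll ranks first with all three indicators, while hiberfil.sys shows that a 1601 creation date on its own is not conclusive.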


#5 Sydney2K

Posted 10 January 2007 - 02:50 PM

I've undertaken the steps you have suggested. It seems as if the process has solved my problems. After doing the steps I ran a memory test using Avast! and the Lineage trojan didn't appear. However during the process I did find a lot of other things I previously did not pick up, even with running Ad-Aware and Spybot.

You asked to mention any problems, I did pick up a couple of minor problems, mainly to do with AVG. Firstly when I booted into safe mode and ran AVG, the AVG window was larger than my screen size, but I was able to take the steps. Also, in your instructions you mention to save the report on the Reports tab, but it came up blank. I assume you meant me to run the report after I "Apply all actions" so I did that, and the report came up.

Thanks again for your time and effort- I appreciate it.

Following are the reports you asked for.

New WinPFind3U report

WinPFind3 logfile created on: 11/01/2007 5:17:17 AM
WinPFind3U by OldTimer - Version 1.0.9 Folder = I:\WinPFind3u\
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600)
Internet Explorer (Version = 6.0.2900.2180)

1048096 Kb Total Physical Memory | 730240 Kb Available Physical Memory | 69.67% Memory free
3305644 Kb Paging File | 3025060 Kb Available in Paging File | 91.51% Paging File free
Paging file location(s): D:\pagefile.sys 766 766;

%SystemDrive% = C: | %ProgramFiles% = C:\Program Files
Drive C: | 12289692 Kb Total Space | 6514352 Kb Free Space | 53.01% Space Free
Drive D: | 5140768 Kb Total Space | 4353648 Kb Free Space | 84.69% Space Free
Drive E: | 51199152 Kb Total Space | 33873044 Kb Free Space | 66.16% Space Free
Drive F: | 51199152 Kb Total Space | 22602892 Kb Free Space | 44.15% Space Free


[Processes - Non-Microsoft Only]
ashmaisv.exe -> E:\My Programs\Security\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 251520 bytes | Modified Date = 26/09/2006 2:41:44 AM | Attr = ]
ashserv.exe -> E:\My Programs\Security\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 26/09/2006 2:42:02 AM | Attr = ]
ashwebsv.exe -> E:\My Programs\Security\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 370304 bytes | Modified Date = 26/09/2006 2:41:34 AM | Attr = ]
aswupdsv.exe -> E:\My Programs\Security\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 26/09/2006 2:32:08 AM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
ati2evxx.exe -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
avgas.exe -> E:\My Programs\Security\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7/10/2006 11:20:00 PM | Attr = ]
ctdvddet.exe -> E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 2:00:00 AM | Attr = ]
ctsvccda.exe -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/01/2005 11:58:06 PM | Attr = ]
ctsysvol.exe -> E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 17/09/2003 11:43:36 AM | Attr = ]
fast2.exe -> E:\My Programs\Utilities\FAST Defrag\FAST2.EXE -> AMS Software [Ver = 2.03 | Size = 58880 bytes | Modified Date = 31/12/2003 1:00:00 PM | Attr = ]
fwsrv.exe -> E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe -> Jetico, Inc. [Ver = 1.0.1.61 | Size = 118784 bytes | Modified Date = 19/07/2005 5:22:14 PM | Attr = ]
guard.exe -> E:\My Programs\Security\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 1:13:20 AM | Attr = ]
incd.exe -> E:\My Programs\Disk\Nero Express\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 1397760 bytes | Modified Date = 11/06/2005 1:20:06 AM | Attr = ]
incdsrv.exe -> E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 869888 bytes | Modified Date = 10/06/2005 6:19:38 PM | Attr = ]
jusched.exe -> E:\My Programs\Utilities\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 9/11/2006 3:07:30 PM | Attr = ]
kbdap32a.exe -> E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe -> [Ver = 3.9.2.1 | Size = 387584 bytes | Modified Date = 28/01/2005 9:23:24 PM | Attr = ]
moffice.exe -> E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe -> [Ver = 1, 0, 0, 1 | Size = 802816 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
mouse32a.exe -> E:\My Programs\Utilities\Labtec Mouse 2.1\mouse32a.exe -> [Ver = 3.0.1.0 | Size = 356352 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
nost_lm.exe -> E:\My Programs\Games\Belkin\Nostromo\nost_LM.exe -> [Ver = 2.5 | Size = 434176 bytes | Modified Date = 30/04/2002 10:02:56 AM | Attr = ]
rcman.exe -> E:\My Programs\Audio\Creative MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.1.0.2 | Size = 139264 bytes | Modified Date = 8/10/2003 5:35:42 PM | Attr = ]
teatimer.exe -> E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
ubspawn.exe -> E:\My Programs\ubSpawn.exe -> United Bytes [Ver = 0.5.5.0 | Size = 716800 bytes | Modified Date = 2/09/2006 9:39:44 PM | Attr = ]
watch.exe -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 9/07/2001 3:38:10 PM | Attr = ]
winpfind3u.exe -> I:\WinPFind3u\WinPFind3U.exe -> Oldtimer Tools [Ver = 1.0.9.0 | Size = 306176 bytes | Modified Date = 6/01/2007 2:14:24 PM | Attr = ]

[Win32 Services - Non-Microsoft Only]
(aswUpdSv) avast! iAVS4 Control Service [Win32_Own | Auto | Running] -> E:\My Programs\Security\Avast4\aswUpdSv.exe -> [Ver = | Size = 59008 bytes | Modified Date = 26/09/2006 2:32:08 AM | Attr = ]
(Ati HotKey Poller) Ati HotKey Poller [Win32_Own | Auto | Running] -> %System32%\ati2evxx.exe -> [Ver = | Size = 376832 bytes | Modified Date = 13/09/2003 1:33:38 PM | Attr = ]
(ATI Smart) ATI Smart [Win32_Own | Auto | Stopped] -> %System32%\ati2sgag.exe -> [Ver = 5.13.0013 | Size = 114688 bytes | Modified Date = 12/09/2003 10:10:00 PM | Attr = ]
(avast! Antivirus) avast! Antivirus [Win32_Own | Auto | Running] -> E:\My Programs\Security\Avast4\ashServ.exe -> [Ver = 4, 7, 889, 0 | Size = 108160 bytes | Modified Date = 26/09/2006 2:42:02 AM | Attr = ]
(avast! Mail Scanner) avast! Mail Scanner [Win32_Own | On_Demand | Running] -> E:\My Programs\Security\Avast4\ashMaiSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 251520 bytes | Modified Date = 26/09/2006 2:41:44 AM | Attr = ]
(avast! Web Scanner) avast! Web Scanner [Win32_Own | On_Demand | Running] -> E:\My Programs\Security\Avast4\ashWebSv.exe -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 370304 bytes | Modified Date = 26/09/2006 2:41:34 AM | Attr = ]
(AVG Anti-Spyware Guard) AVG Anti-Spyware Guard [Win32_Own | Auto | Running] -> E:\My Programs\Security\AVG Anti-Spyware 7.5\guard.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 204800 bytes | Modified Date = 29/09/2006 1:13:20 AM | Attr = ]
(Creative Service for CDROM Access) Creative Service for CDROM Access [Win32_Own | Auto | Running] -> %System32%\CTSVCCDA.EXE -> Creative Technology Ltd [Ver = 1.0.1.0 | Size = 44032 bytes | Modified Date = 13/01/2005 11:58:06 PM | Attr = ]
(dmadmin) Logical Disk Manager Administrative Service [Win32_Shared | On_Demand | Stopped] -> %System32%\dmadmin.exe -> Microsoft Corp., Veritas Software [Ver = 2600.2180.503.0 | Size = 224768 bytes | Modified Date = 13/08/2004 12:18:40 AM | Attr = ]
(InCDsrv) InCD Helper [Win32_Own | Auto | Running] -> E:\My Programs\Disk\Nero Express\InCD\InCDsrv.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 869888 bytes | Modified Date = 10/06/2005 6:19:38 PM | Attr = ]

[Registry - Non-Microsoft Only]
< Run [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
!AVG Anti-Spyware -> E:\My Programs\Security\AVG Anti-Spyware 7.5\avgas.exe -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 50 | Size = 6266880 bytes | Modified Date = 7/10/2006 11:20:00 PM | Attr = ]
CTDVDDET -> E:\My Drivers\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.exe -> Creative Technology Ltd [Ver = 1.0.3.0 | Size = 45056 bytes | Modified Date = 18/06/2003 2:00:00 AM | Attr = ]
CTSysVol -> E:\My Drivers\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe -> Creative Technology Ltd [Ver = 1.4.1.0 | Size = 57344 bytes | Modified Date = 17/09/2003 11:43:36 AM | Attr = ]
FLMOFFICE4DMOUSE -> E:\My Programs\Utilities\Labtec Mouse 2.1\moffice.exe -> [Ver = 1, 0, 0, 1 | Size = 802816 bytes | Modified Date = 4/10/2006 12:30:22 PM | Attr = ]
InCD -> E:\My Programs\Disk\Nero Express\InCD\InCD.exe -> Nero AG [Ver = 4, 3, 16, 1 | Size = 1397760 bytes | Modified Date = 11/06/2005 1:20:06 AM | Attr = ]
KernelFaultCheck -> -> File not found
LWBKEYBOARD -> E:\My Programs\Utilities\Labtec Media Keyboard V5.0\KbdAp32A.exe -> [Ver = 3.9.2.1 | Size = 387584 bytes | Modified Date = 28/01/2005 9:23:24 PM | Attr = ]
NeroFilterCheck -> %System32%\NeroCheck.exe -> Ahead Software Gmbh [Ver = 1, 0, 0, 2 | Size = 155648 bytes | Modified Date = 9/07/2001 12:50:42 PM | Attr = ]
SunJavaUpdateSched -> E:\My Programs\Utilities\Java\jre1.5.0_10\bin\jusched.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49263 bytes | Modified Date = 9/11/2006 3:07:30 PM | Attr = ]
< OptionalComponents [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\
IMAIL -> Installed = 1 ->
MAPI -> Installed = 1 ->
MSFS -> Installed = 1 ->
< Run [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
-> -> File not found
ATI Launchpad -> -> File not found
FAST Defrag -> E:\My Programs\Utilities\FAST Defrag\FAST2.EXE -> AMS Software [Ver = 2.03 | Size = 58880 bytes | Modified Date = 31/12/2003 1:00:00 PM | Attr = ]
RemoteCenter -> E:\My Programs\Audio\Creative MediaSource\RemoteControl\RcMan.exe -> Creative Technology Ltd [Ver = 2.1.0.2 | Size = 139264 bytes | Modified Date = 8/10/2003 5:35:42 PM | Attr = ]
SpybotSD TeaTimer -> E:\My Programs\Security\Spybot - Search & Destroy\TeaTimer.exe -> Safer Networking Limited [Ver = 1, 4, 0, 2 | Size = 1415824 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
< Common Startup > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup
%AllUsersStartup%\Loadout Manager.lnk -> E:\My Programs\Games\Belkin\Nostromo\nost_LM.exe -> [Ver = 2.5 | Size = 434176 bytes | Modified Date = 30/04/2002 10:02:56 AM | Attr = ]
%AllUsersStartup%\Shortcut to fwsrv.lnk -> E:\My Programs\Security\Jetico Personal Firewall\fwsrv.exe -> Jetico, Inc. [Ver = 1.0.1.61 | Size = 118784 bytes | Modified Date = 19/07/2005 5:22:14 PM | Attr = ]
%AllUsersStartup%\Shortcut to ubSpawn.lnk -> E:\My Programs\ubSpawn.exe -> United Bytes [Ver = 0.5.5.0 | Size = 716800 bytes | Modified Date = 2/09/2006 9:39:44 PM | Attr = ]
%AllUsersStartup%\Watch.lnk -> %SystemRoot%\twain_32\C6U14K\WATCH.exe -> Common Group [Ver = 2, 3, 5, 0 | Size = 356352 bytes | Modified Date = 9/07/2001 3:38:10 PM | Attr = ]
< Disabled MSConfig Folder Items[HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\
C:^Documents and Settings^Widya^Start Menu^Programs^Startup^Ativa Net Meter 4.lnk -> E:\Old\Program Files\1-Internet\Ativa Net Meter\Ativa.exe -> Software Solutions [Ver = 4.2.0.0 | Size = 1149952 bytes | Modified Date = 9/04/2003 9:55:50 PM | Attr = ]
< Disabled MSConfig Registry Items [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\
WinFast Schedule -> %ProgramFiles%\WinFast\WFTVFM\WFWIZ.exe -> File not found
WinFastDTV -> %ProgramFiles%\WinFast\WFDTV\DTVSchdl.exe -> File not found
< ShellExecuteHooks [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks
{57B86673-276A-48B2-BAE7-C6DBB3020EB8} [HKLM] -> E:\My Programs\Security\AVG Anti-Spyware 7.5\shellexecutehook.dll [AVG Anti-Spyware 7.5] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 47 | Size = 73728 bytes | Modified Date = 29/09/2006 1:13:28 AM | Attr = ]
< SecurityProviders [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders
< Winlogon settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
*VMApplet* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet ->
Control_RunDLL -> -> File not found
< Winlogon settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
< Winlogon\Notify settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
< Policy Settings [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{BDEADF00-C265-11D0-BCED-00A0C90AB50F} -> 1 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{6DFD7C5C-2451-11d3-A299-00C04F8EF6AF} -> 1073741857 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\NonEnum\\{0DF44EAA-FF21-4412-828E-260A8728E7F1} -> 32 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\ -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\dontdisplaylastusername -> 0 ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticecaption -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\legalnoticetext -> ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\\shutdownwithoutlogon -> 1 ->
< Policy Settings [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun -> 145 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\ -> ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr -> 0 ->
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools -> 0 ->
-> HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer not found. ->
< Desktop Components > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\
0 -> [Key] ->
0 -> FriendlyName = My Current Home Page ->
0 -> Source = About:Home ->
0 -> SubscribedURL = About:Home ->
< HOSTS File > -> C:\WINDOWS\System32\drivers\etc\Hosts
127.255.255.255 www.getright.com -> ->
127.255.255.255 pro.getright.com -> ->
127.255.255.255 www.headlightinc.com -> ->
< Internet Explorer Settings > ->
HKLM: Default_Page_URL -> http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome ->
HKLM: Main\\Default_Search_URL -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Local Page -> %SystemRoot%\system32\blank.htm ->
HKLM: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKLM: Start Page -> http://www.microsoft.com/isapi/redir.dll?p...ER}&ar=home ->
HKLM: CustomizeSearch -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm ->
HKLM: SearchAssistant -> http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm ->
HKCU: Local Page -> C:\WINDOWS\system32\blank.htm ->
HKCU: Search Page -> http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch ->
HKCU: Start Page -> file:///F:/My%20Documents/html/links.html ->
HKCU: ProxyEnable -> 0 ->
< Trusted Sites > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\
msn.com [ - ] -> ->
< BHO's > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{0FD387DF-5E13-4EAB-BB19-A1F4C2D0B325} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEPlugins.dll [PixGrabberBHO Class] -> TODO: <Company name> [Ver = 1.0.0.1 | Size = 84480 bytes | Modified Date = 13/09/2004 3:13:50 AM | Attr = ]
{111CAA23-6F4F-42AC-8555-B48C1D87BBAB} [HKLM] -> %System32%\gigagetbho_v10.dll [GigagetIEHelper Class] -> Giganology Inc. [Ver = 4, 6, 0, 48 | Size = 86016 bytes | Modified Date = 9/01/2006 4:01:08 PM | Attr = ]
{31FF080D-12A3-439A-A2EF-4BA95A3148E8} [HKLM] -> E:\My Programs\Internet\GetRight 6.0\xx2gr.dll [bho2gr Class] -> Headlight Software, Inc. [Ver = 6.0c | Size = 237568 bytes | Modified Date = 11/09/2006 6:37:48 PM | Attr = ]
{53707962-6F74-2D53-2644-206D7942484F} [HKLM] -> E:\My Programs\Security\Spybot - Search & Destroy\SDHelper.dll [Reg Data - Value does not exist] -> Safer Networking Limited [Ver = 1, 4, 0, 0 | Size = 853672 bytes | Modified Date = 31/05/2005 2:04:00 AM | Attr = ]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> E:\My Programs\Utilities\Java\jre1.5.0_10\bin\ssv.dll [SSVHelper Class] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 9/11/2006 3:21:52 PM | Attr = ]
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} [HKLM] -> E:\My Programs\Internet\Free Download Manager\iefdmcks.dll [FDMIECookiesBHO Class] -> [Ver = | Size = 81920 bytes | Modified Date = 20/08/2006 8:55:00 PM | Attr = ]
< Internet Explorer ToolBars [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar
{4A360645-F363-416A-A7A3-54E4804F90ED} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Links Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
{9377C91E-EB13-4AF4-9B45-42BE835BB548} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
{EC3A37EF-F4CF-447A-B0FD-206073E2DAE9} [HKLM] -> E:\My Programs\Internet\Paessler Site Inspector 4\PsiToolbar.dll [&Paessler Site Inspector 4 Toolbar] -> Paessler GmbH [Ver = 4.1.0.724 | Size = 4489216 bytes | Modified Date = 6/04/2006 10:38:18 AM | Attr = ]
< Internet Explorer ToolBars [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
WebBrowser\\{4A360645-F363-416A-A7A3-54E4804F90ED} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Links Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
WebBrowser\\{9377C91E-EB13-4AF4-9B45-42BE835BB548} [HKLM] -> E:\My Programs\Internet\PixGrabber Free\PxGIEGUI.dll [PixGrabber Bar] -> [Ver = | Size = 549888 bytes | Modified Date = 8/02/2005 9:19:36 PM | Attr = ]
< Internet Explorer CmdMapping [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Extensions\CmdMapping
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} -> 8193 - Sun Java Console ->
{FB5F1910-F110-11d2-BB9E-00C04F795683} -> 8192 - Windows Messenger ->
NextId -> 8194 ->
< Internet Explorer Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKLM] -> E:\My Programs\Utilities\Java\jre1.5.0_10\bin\npjpi150_10.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 75528 bytes | Modified Date = 9/11/2006 3:21:54 PM | Attr = ]
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} [HKCU] -> E:\My Programs\Utilities\Java\jre1.5.0_10\bin\ssv.dll [MenuText: Sun Java Console] -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 440056 bytes | Modified Date = 9/11/2006 3:21:52 PM | Attr = ]
< Internet Explorer Menu Extensions [HKCU] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\
&Download All by Gigaget -> E:\My Programs\Internet\Gigaget\getallurl.htm -> [Ver = | Size = 886 bytes | Modified Date = 30/12/2005 12:32:54 PM | Attr = ]
&Download by Gigaget -> E:\My Programs\Internet\Gigaget\geturl.htm -> [Ver = | Size = 2239 bytes | Modified Date = 30/12/2005 7:28:14 PM | Attr = ]
Download all with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dlall.htm -> [Ver = | Size = 879 bytes | Modified Date = 5/07/2006 7:23:58 PM | Attr = ]
Download selected with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dlselected.htm -> [Ver = | Size = 449 bytes | Modified Date = 18/05/2006 8:45:38 PM | Attr = ]
Download with Free Download Manager -> E:\My Programs\Internet\Free Download Manager\dllink.htm -> [Ver = | Size = 1058 bytes | Modified Date = 5/07/2006 7:20:08 PM | Attr = ]
Download with GetRight Pro -> E:\My Programs\Internet\GetRight 6.0\GRdownload.htm -> [Ver = | Size = 994 bytes | Modified Date = 29/03/2006 4:35:14 PM | Attr = ]
Open with GetRight Pro Browser -> E:\My Programs\Internet\GetRight 6.0\GRBrowse.htm -> [Ver = | Size = 977 bytes | Modified Date = 29/03/2006 4:35:14 PM | Attr = ]
PSI: Copy Image as HTML Tag -> -> File not found
PSI: Copy Image URL -> -> File not found
PSI: Copy Link as HTML Tag -> -> File not found
PSI: Copy Meister -> -> File not found
PSI: Open Frame In New Window -> -> File not found
PSI: Open Frame In This Window -> -> File not found
PSI: Open Selected Text as URL in New Window -> -> File not found
PSI: Show All Forms -> -> File not found
PSI: Show All Images -> -> File not found
PSI: Show All Links -> -> File not found
PSI: Show All Scripts -> -> File not found
PSI: Show All Stylesheets -> -> File not found
PSI: Show HTTP Header -> -> File not found
PSI: Show Source -> -> File not found
< Approved Shell Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} [HKLM] -> Reg Data - Key not found [Autoplay for SlideShow] -> File not found
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> E:\My Programs\Video\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 26/02/2006 4:50:46 AM | Attr = ]
{0DF44EAA-FF21-4412-828E-260A8728E7F1} [HKLM] -> Reg Data - Key not found [Taskbar and Start Menu] -> File not found
{42071714-76d4-11d1-8b24-00a0c9068ff3} [HKLM] -> deskpan.dll [Display Panning CPL Extension] -> File not found
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{764BF0E1-F219-11ce-972D-00AA00A14F56} [HKLM] -> Reg Data - Key not found [Shell extensions for file compression] -> File not found
{7A9D77BD-5403-11d2-8785-2E0420524153} [HKLM] -> Reg Data - Key not found [User Accounts] -> File not found
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} [HKLM] -> Reg Data - Key not found [Encryption Context Menu] -> File not found
{88895560-9AA2-1069-930E-00AA0030EBC8} [HKLM] -> %System32%\hticons.dll [HyperTerminal Icon Ext] -> Hilgraeve, Inc. [Ver = 5.1.2600.0 | Size = 44544 bytes | Modified Date = 13/08/2004 12:19:44 AM | Attr = ]
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> E:\My Programs\Disk\Nero Express\InCD\incdshx.dll [Shell Extension for CDRW] -> Nero AG [Ver = 4, 3, 16, 1 | Size = 103424 bytes | Modified Date = 10/06/2005 6:20:36 PM | Attr = ]
{E4D8441D-F89C-4b5c-90AC-A857E1768F1F} [HKLM] -> Reg Data - Key not found [Haali Matroska Thumbnail Exctractor] -> File not found
< Approved Shell Extensions [HKCU] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} [HKLM] -> %CommonProgramFiles%\Microsoft Shared\Web Folders\MSONSEXT.DLL [Web Folders] -> [Ver = | Size = 561209 bytes | Modified Date = 19/05/2001 11:57:40 PM | Attr = ]
< ContextMenuHandlers - * [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> E:\My Programs\Security\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 6/10/2006 10:40:48 PM | Attr = ]
{26E7F081-EB97-11d3-9239-006008D2D00F} [HKLM] -> E:\My Programs\File\PowerDesk\PDShExt.dll [PowerDesk Menu] -> Avanquest Publishing USA, Inc. [Ver = 6.0.1.2 | Size = 241664 bytes | Modified Date = 4/10/2005 2:08:52 PM | Attr = ]
< ContextMenuHandlers - Directory [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\shellex\ContextMenuHandlers\
{8934FCEF-F5B8-468f-951F-78A921CD3920} [HKLM] -> E:\My Programs\Security\AVG Anti-Spyware 7.5\context.dll [AVG Anti-Spyware] -> Anti-Malware Development a.s. [Ver = 7, 5, 0, 49 | Size = 98304 bytes | Modified Date = 6/10/2006 10:40:48 PM | Attr = ]
{26E7F081-EB97-11d3-9239-006008D2D00F} [HKLM] -> E:\My Programs\File\PowerDesk\PDShExt.dll [PowerDesk Menu] -> Avanquest Publishing USA, Inc. [Ver = 6.0.1.2 | Size = 241664 bytes | Modified Date = 4/10/2005 2:08:52 PM | Attr = ]
< ContextMenuHandlers - Directory\Background [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
{950FF917-7A57-46BC-8017-59D9BF474000} [HKLM] -> E:\My Programs\Disk\Nero Express\InCD\incdshx.dll [InCDMenu] -> Nero AG [Ver = 4, 3, 16, 1 | Size = 103424 bytes | Modified Date = 10/06/2005 6:20:36 PM | Attr = ]
< ContextMenuHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\Software\Classes\Folder\shellex\ContextMenuHandlers\
{472083B0-C522-11CF-8763-00608CC02F24} [HKLM] -> E:\My Programs\Security\Avast4\ashShell.dll [avast] -> ALWIL Software [Ver = 4, 7, 889, 0 | Size = 13824 bytes | Modified Date = 26/09/2006 2:36:56 AM | Attr = ]
{54F51408-DD44-4a12-82EF-519AD2A80DE9} [HKLM] -> E:\My Programs\Video\ATI Multimedia\mlibrary\MLShell.dll [Library] -> ATI Technologies Inc. [Ver = 8.6.000 | Size = 57344 bytes | Modified Date = 2/09/2003 6:13:32 AM | Attr = ]
< ColumnHandlers - Folder [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{0561EC90-CE54-4f0c-9C55-E226110A740C} [HKLM] -> E:\My Programs\Video\Avi2Dvd\Programs\Filters\Haali media splitter\mmfinfo.dll [Haali Column Provider] -> [Ver = | Size = 61440 bytes | Modified Date = 26/02/2006 4:50:46 AM | Attr = ]
< User Agent Post Platform [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform
SV1 -> ->
< DNS Name Servers [HKLM] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\
{13F349CF-6BE0-413B-BB67-5CB6AA204678} -> () ->
{487BD4E6-982C-4170-A324-04F3DE9923AB} -> () ->
{5F94E7B1-EF35-433D-8109-3EE9EB0B634A} -> () ->
{C073E8A1-9154-45A8-A283-7DEFFD6EA427} -> (SiS 900-Based PCI Fast Ethernet Adapter) ->
{C36A5E3C-5E68-41F9-A450-32A75D85C672} -> 203.12.160.35,203.12.160.36 (Dynalink USB ADSL LAN Modem) ->
{E97A58EF-2C08-4A6F-9F6C-3AA25580DDAC} -> (1394 Net Adapter) ->
{EF9766A3-D6EC-4B5C-842D-548EF8605277} -> () ->
< Protocol Handlers [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
ipp -> Reg Data - Key not found -> File not found
msdaipp -> Reg Data - Key not found -> File not found
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\
{0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -> CKAVWebScan Object - CodeBase = http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab ->
{8AD9C840-044E-11D1-B3E9-00805F499D93} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} -> Java Plug-in 1.5.0_10 - CodeBase = http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab ->
{D27CDB6E-AE6D-11CF-96B8-444553540000} -> - CodeBase = http://fpdownload.macromedia.com/get/flash...ent/swflash.cab ->


[Files - Created Wihin 30 days]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Created Date = 2/01/1601 2:00:00 PM | Attr = HS]
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1235 | Size = 57344 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 7.0.100.1032 | Size = 5632 bytes | Created Date = 16/12/2006 6:30:06 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1234 | Size = 163972 bytes | Created Date = 16/12/2006 6:30:03 PM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1242 | Size = 696320 bytes | Created Date = 16/12/2006 6:30:06 PM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1235 | Size = 237568 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1236 | Size = 155648 bytes | Created Date = 16/12/2006 6:30:07 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\setup.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 282756 bytes | Created Date = 16/12/2006 6:30:01 PM | Attr = ]
ctor.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 69714 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
DotNetInstaller.exe -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe -> InstallShield Software Corporation [Ver = 11.0.0.28844 | Size = 5632 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Created Date = 27/12/2006 6:05:25 PM | Attr = ]
iKernel.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 753664 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iscript.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 274432 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
iuser.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 184320 bytes | Created Date = 27/12/2006 6:05:26 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Created Date = 27/12/2006 6:05:22 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Created Date = 9/01/2007 7:01:56 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Created Date = 9/01/2007 7:01:56 PM | Attr = H ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Created Date = 4/01/2007 6:35:40 PM | Attr = ]
java.exe -> %System32%\java.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49248 bytes | Created Date = 9/01/2007 7:35:43 PM | Attr = ]
javaw.exe -> %System32%\javaw.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 53346 bytes | Created Date = 9/01/2007 7:35:43 PM | Attr = ]
javaws.exe -> %System32%\javaws.exe -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 127078 bytes | Created Date = 9/01/2007 7:35:43 PM | Attr = ]
jpicpl32.cpl -> %System32%\jpicpl32.cpl -> Sun Microsystems, Inc. [Ver = 5.0.100.3 | Size = 49265 bytes | Created Date = 9/01/2007 7:35:43 PM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Created Date = 30/12/2006 6:46:04 AM | Attr = ]
AvgAsCln.sys -> %System32%\drivers\AvgAsCln.sys -> GRISOFT, s.r.o. [Ver = 1.0.0.14 | Size = 3968 bytes | Created Date = 10/01/2007 5:12:42 PM | Attr = ]
wfdbbda.sys -> %System32%\drivers\wfdbbda.sys -> Leadtek [Ver = 5.13.11.805 | Size = 29952 bytes | Created Date = 16/12/2006 6:12:04 PM | Attr = ]
wfdbload.sys -> %System32%\drivers\wfdbload.sys -> Leadtek [Ver = 5.13.11.805 | Size = 18560 bytes | Created Date = 16/12/2006 6:11:22 PM | Attr = R ]

[Files - Modified Wihin 30 days]
boot.ini -> %SystemDrive%\boot.ini -> [Ver = | Size = 211 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = HS]
hiberfil.sys -> %SystemDrive%\hiberfil.sys -> [Ver = | Size = 1073319936 bytes | Modified Date = 11/01/2007 5:14:10 AM | Attr = HS]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1234 | Size = 163972 bytes | Modified Date = 16/12/2006 7:30:04 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\0701\Intel32\setup.dll -> InstallShield Software Corporation [Ver = 7, 01, 100, 1248 | Size = 282756 bytes | Modified Date = 16/12/2006 7:30:02 PM | Attr = ]
iGdi.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 200836 bytes | Modified Date = 27/12/2006 7:05:26 PM | Attr = ]
setup.dll -> %CommonProgramFiles%\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll -> Macrovision Corporation [Ver = 11.00.28844 | Size = 331908 bytes | Modified Date = 27/12/2006 7:05:24 PM | Attr = ]
bootstat.dat -> %SystemRoot%\bootstat.dat -> [Ver = | Size = 2048 bytes | Modified Date = 11/01/2007 5:14:14 AM | Attr = S]
mozver.dat -> %SystemRoot%\mozver.dat -> [Ver = | Size = 2413 bytes | Modified Date = 9/01/2007 8:37:36 PM | Attr = ]
NeroDigital.ini -> %SystemRoot%\NeroDigital.ini -> [Ver = | Size = 116 bytes | Modified Date = 10/01/2007 7:09:28 AM | Attr = ]
ODBC.INI -> %SystemRoot%\ODBC.INI -> [Ver = | Size = 478 bytes | Modified Date = 28/12/2006 10:17:08 PM | Attr = ]
QTFont.for -> %SystemRoot%\QTFont.for -> [Ver = | Size = 1409 bytes | Modified Date = 9/01/2007 8:01:58 PM | Attr = ]
QTFont.qfn -> %SystemRoot%\QTFont.qfn -> [Ver = | Size = 54156 bytes | Modified Date = 9/01/2007 8:01:58 PM | Attr = H ]
system.ini -> %SystemRoot%\system.ini -> [Ver = | Size = 256 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = ]
UEDIT32.INI -> %SystemRoot%\UEDIT32.INI -> [Ver = | Size = 5882 bytes | Modified Date = 4/01/2007 11:57:54 PM | Attr = ]
win.ini -> %SystemRoot%\win.ini -> [Ver = | Size = 1142 bytes | Modified Date = 6/01/2007 3:20:46 PM | Attr = ]
WMSysPr9.prx -> %SystemRoot%\WMSysPr9.prx -> [Ver = | Size = 316640 bytes | Modified Date = 16/12/2006 7:35:10 PM | Attr = ]
{00000000-00000000-00000008-00001102-00000004-20021102}.CDF -> %SystemRoot%\{00000000-00000000-00000008-00001102-00000004-20021102}.CDF -> [Ver = | Size = 4935514 bytes | Modified Date = 11/01/2007 5:15:14 AM | Attr = ]
BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXBkpCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXCtrlState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32088 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
BMXState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXState-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32592 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> %System32%\BMXStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.rfx -> [Ver = | Size = 32592 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
CmdLineExt03.dll -> %System32%\CmdLineExt03.dll -> [Ver = | Size = 43520 bytes | Modified Date = 4/01/2007 7:35:42 PM | Attr = ]
DVCState-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> %System32%\DVCState-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
DVCStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> %System32%\DVCStateBkp-{00000000-00000000-00000008-00001102-00000004-20021102}.dat -> [Ver = | Size = 384 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
ewmpegco.dll -> %System32%\ewmpegco.dll -> [Ver = | Size = 1024000 bytes | Modified Date = 27/12/2006 8:18:04 AM | Attr = ]
FNTCACHE.DAT -> %System32%\FNTCACHE.DAT -> [Ver = | Size = 184224 bytes | Modified Date = 30/12/2006 5:23:52 PM | Attr = ]
MonitorA.dll -> %System32%\MonitorA.dll -> [Ver = | Size = 136 bytes | Modified Date = 5/01/2007 9:49:10 PM | Attr = ]
settings.sfm -> %System32%\settings.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
settingsbkup.sfm -> %System32%\settingsbkup.sfm -> [Ver = | Size = 1080 bytes | Modified Date = 10/01/2007 6:24:30 PM | Attr = ]
wpa.dbl -> %System32%\wpa.dbl -> [Ver = | Size = 2422 bytes | Modified Date = 10/01/2007 6:25:44 PM | Attr = ]

[File String Scan - Non-Microsoft Only]
Thawte Consulting , -> %CommonProgramFiles%\ACD Systems\EN\ipwssl5.dll -> /n software inc. - www.nsoftware.com [Ver = 5.0.0.852 | Size = 321672 bytes | Modified Date = 26/08/2002 4:05:42 PM | Attr = R ]
Thawte Consulting , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\core3.zip -> [Ver = | Size = 3290841 bytes | Modified Date = 9/11/2006 3:38:34 PM | Attr = ]
USERTRUST , -> %CommonProgramFiles%\Java\Update\Base Images\jre1.5.0.b64\patch-jre1.5.0_10.b03\patchjre.exe -> Sun Microsystems, Inc. [Ver = 1, 0, 0, 1 | Size = 4650616 bytes | Modified Date = 9/11/2006 3:38:38 PM | Attr = ]
UPX! , UPX0 , -> %CommonProgramFiles%\SoftInform\Plugins\ISSheaf.dll -> [Ver = | Size = 94208 bytes | Modified Date = 24/02/2004 12:19:34 AM | Attr = ]
UPX! , FSG! , PEC2 , PECompact2 , qoologic , aspack , PTech , ad-beh , SAHAgent , buddy.exe , aurora.exe , web-nex , winsync , UPX0 , Thawte Consulting , USERTRUST , -> %SystemRoot%\MEMORY.DMP -> [Ver = | Size = 536477696 bytes | Modified Date = 19/11/2006 2:08:48 PM | Attr = ]
UPX! , UPX0 , -> %System32%\aswBoot.exe -> [Ver = 4, 7, 892, 0 | Size = 666240 bytes | Modified Date = 26/09/2006 2:45:08 AM | Attr = ]
UPX! , UPX0 , -> %System32%\avisynth.dll -> The Public [Ver = 2, 5, 6, 0 | Size = 308224 bytes | Modified Date = 8/10/2005 4:14:52 AM | Attr = ]
PEC2 , -> %System32%\dfrg.msc -> [Ver = | Size = 41397 bytes | Modified Date = 13/08/2004 12:18:34 AM | Attr = ]
winsync , -> %System32%\wbdbase.deu -> [Ver = | Size = 1309184 bytes | Modified Date = 13/08/2004 12:32:46 AM | Attr = ]
Thawte Consulting , -> %System32%\XCEEDZIP.DLL -> Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com [Ver = 5.1.5062.0 | Size = 456536 bytes | Modified Date = 12/01/2005 11:19:46 AM | Attr = ]
WSUD , UPX0 , -> %System32%\dllcache\hwxjpn.dll -> [Ver = | Size = 13463552 bytes | Modified Date = 13/08/2004 12:20:52 AM | Attr = ]

< End of report >

#6 Sydney2K


Posted 10 January 2007 - 02:52 PM

AVG Anti-spyware report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:10:51 AM 1/11/2007

+ Scan result:



E:\OldWin98SE\WINDOWS\TEMP\tBmp207.exe -> Backdoor.Haxdoor.fx : Cleaned with backup (quarantined).
E:\OldWin98SE\WINDOWS\SYSTEM32\KewlButtonz.ocx -> Backdoor.IRCBot : Cleaned with backup (quarantined).
C:\t.inx -> Downloader.Tibs.ir : Cleaned with backup (quarantined).
F:\Old\E\Downloads\Playstation.2.Emulator.BIOS.Included-GOLdENFLAiR\Pcsx2_0.9.1_Setup.exe -> Dropper.Agent.adw : Cleaned with backup (quarantined).
G:\Download\Software\Patch for p2p and WXPSP2 -EvID4226.exe -> Not-A-Virus.Hacktool.EvID : Cleaned with backup (quarantined).
E:\Old\core\WinZip\wzcr80.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\Old\temp\fr_svcr1b31_crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
F:\Old\E\SAVE\CoreBackup\Program Files\StreamBox!VCR.zip/StreamBoxVCR1.0Beta3.1StealthMulderFix.zip/StreamBox VCR 1.0 Beta 3.1 Stealth Mulder Fix/fr_svcr1b31smf_crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
F:\Old\E\SAVE\CoreBackup\Program Files\StreamBox!VCR.zip/fr_svcr1b31_crack.zip/fr_svcr1b31_crack.exe -> Not-A-Virus.VirTool.Win32.AvSpoffer.a : Cleaned with backup (quarantined).
E:\OldWin98SE\WINDOWS\SYSTEM\kednl2.sys -> Rootkit.Agent.ay : Cleaned with backup (quarantined).
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wfliapdpiao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wflicndpodp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wflokiazshp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wflosmajskp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wflosncjwdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wflowodjkko.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgk4qpdjgbq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgkikgc5aep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgkiqndzwap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgkychdzekp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgkyeidjefp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wgkyglcjodq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4aodpkkp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4cocjmap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4ehd5oco.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4emajmdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4sgaziao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4sgcpcgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4skcjelp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjk4upczkcq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkoaidpmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkouhdzsho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkowgc5aco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkowpdjmho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkycgajghq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkychdpkap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkyenazscq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkyqkczsbq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjkywpdpseo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjl4clajkdq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjl4gmd5eap.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjl4wpczwco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlichcjwao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlicicpwao.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlikiazsgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjliojcjkcp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjliojcjkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjliojcjkcp.stats.esomniture[4].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjliuhcjkgo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjliwjc5gfp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjloclczago.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlokmcpibp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlokmcpibp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjloqoajgep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlychczgdo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlyojczogp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlyqjazslp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlysidzakp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjlywgc5sdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjmigndzmcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjmiogajkaq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjmisgazsho.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjmisnazkcp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjmygodpadp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjny-1kcpcf.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjny-1oajcg.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjny-1sczek.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjnycldpogq.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjnyspd5sep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@e-2dj6wjnywgdjwhp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkisncjiboamdj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wfkycmc5ofowsdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wjl4eidzceowmdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wjliojcjkcpwudj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wjlyggd5gapaydj6x9ny-1seq-2-2.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wjmiencpofowwdj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@y-1shz2prbmdj6wvny-1sez2pra2dj6wjnyojd5mbogydj6x9ny-1seq-2-2.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@estat[2].txt -> TrackingCookie.Estat : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@www.etracker[1].txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.397:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.25:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.26:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.27:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.28:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.72:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.73:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.74:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Falkag : Cleaned.
:mozilla.112:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.850:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@tracking.g3x[1].txt -> TrackingCookie.G3x : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@earth.goclick[1].txt -> TrackingCookie.Goclick : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@earth.goclick[2].txt -> TrackingCookie.Goclick : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@earth.goclick[3].txt -> TrackingCookie.Goclick : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@earth.goclick[4].txt -> TrackingCookie.Goclick : Cleaned.
:mozilla.15:E:\Old\Program Files\1-Small\K-Meleon\Profiles\default\n6wtghzu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.16:E:\Old\Program Files\1-Small\K-Meleon\Profiles\default\n6wtghzu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.17:E:\Old\Program Files\1-Small\K-Meleon\Profiles\default\n6wtghzu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.41:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.42:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.43:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.44:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.45:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.46:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@hg1.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-amtransair.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-atariinc.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-cafepress.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-dig.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-dig.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-eline.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-fifa.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-gamespot.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-glam.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-knightridder.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-knightridder.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-legonewyorkinc.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-newegg.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-playboy.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-playboy.hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-randomhouse.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-randomhouse.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-seagate.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg-warnerbrothers.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ehg.hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@hitbox[3].txt -> TrackingCookie.Hitbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@counter.hitslink[1].txt -> TrackingCookie.Hitslink : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@counter.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@counter2.hitslink[2].txt -> TrackingCookie.Hitslink : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@hotlog[2].txt -> TrackingCookie.Hotlog : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ads15.hyperbanner[1].txt -> TrackingCookie.Hyperbanner : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@ilead.itrack[1].txt -> TrackingCookie.Itrack : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@ilead.itrack[2].txt -> TrackingCookie.Itrack : Cleaned.
:mozilla.490:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ivwbox[2].txt -> TrackingCookie.Ivwbox : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@ivwbox[3].txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.310:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.311:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@komtrack[1].txt -> TrackingCookie.Komtrack : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@komtrack[2].txt -> TrackingCookie.Komtrack : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@komtrack[3].txt -> TrackingCookie.Komtrack : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@ads.link4ads[2].txt -> TrackingCookie.Link4ads : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@ads.link4ads[3].txt -> TrackingCookie.Link4ads : Cleaned.
:mozilla.607:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.70:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.71:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.72:C:\Documents and Settings\Widya\Application Data\Mozilla\Firefox\Profiles\18k2vsvn.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.876:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.877:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@server.iad.liveperson[3].txt -> TrackingCookie.Liveperson : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@image.masterstats[2].txt -> TrackingCookie.Masterstats : Cleaned.
E:\OldWin98SE\OLDWIN\Cookies\widya santoso@image.masterstats[3].txt -> TrackingCookie.Masterstats : Cleaned.
E:\OldWin98SE\WINDOWS\Cookies\widya santoso@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned.
:mozilla.104:E:\OldWin98SE\WINDOWS\Mozilla\Profiles\default\0w26frqu.slt\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.870:E:\OldWin98SE\WINDOWS\Application Data\Mozilla\Firefox\Profiles\hklatna5.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.871:E:\OldWin98SE\WINDOWS&

#7 Sydney2K

Posted 10 January 2007 - 02:53 PM

WinPFind3U 01102007_182341.log

Explorer killed successfully
[Registry - Non-Microsoft Only]
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ms deleted successfully.
C:\Program Files\Microsoft\svhost32.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Documents and Settings^Widya^Start Menu^Programs^Startup^Bandwidth Meter.lnk deleted successfully.
C:\WINDOWS\pss\Bandwidth Meter.lnkStartup moved successfully.
[Files - Created Wihin 30 days]
File %System32%\dllms.dll not found!
[Files - Modified Wihin 30 days]
File %System32%\dllms.dll not found!
[File String Scan - Non-Microsoft Only]
File %SystemRoot%\MEMORY.DMP not found!
< End of log >
Created on 01/10/2007 18:23:41

#8 OldTimer

Malware Expert

Posted 10 January 2007 - 04:54 PM

Hi Sydney2K. Everything looks fine. Good job! Let's do a little final cleanup and then you are good to go.

First, you can go ahead and delete any WinPFind3 files and folders if you want. They are no longer needed.

Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • CHECK Turn off System Restore.
    • Click Apply, and then click OK.
  • Restart your computer.
  • Turn ON System Restore.
    • On the Desktop, right-click My Computer.
    • Click Properties.
    • Click the System Restore tab.
    • UN-Check Turn off System Restore.
    • Click Apply, and then click OK.
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You already have a good firewall and a good antivirus application installed and running. It is important to have both to protect your system, and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer


#9 Sydney2K

Posted 11 January 2007 - 07:15 AM

Thanks OT! I've taken up your advice, and everything looks peachy. I've also had a look at some of the tutorials on the site, and will be reading them in depth. The only other thing to do is donate- but someone says I have to pay for something on eBay, and I can't recall buying anything... and apparently there's something wrong with my Paypal account... I'll donate once I get those straightened out! ^_~

Edit: Ooops, I think I spoke too soon. My PC is now not recognising any of my USB keys or the USB hub, listing them as "malfunctioning" and "unknown devices". Could what I have done to protect myself be a cause of this problem? One thing it does do, it does recognise new USB keys and loads the drivers for those keys- problem being I know those keys to be unreliable, and I don't want to use those.

I know my USB keys to be working, and it's not recognising my 4 USB keys and my LaCie Orange USB minidisk.

One thing I think could work is to remove the traces of the USB keys that don't work so the system will now see them as "new devices". Is there any way to do that? I can't unload the device drivers, as it simply sees them as unknown devices.

The new software I have installed is SpywareBlaster, SpywareGuard and IE-Spyad, as suggested in your post above. I know the USB key worked before the installations because I copied the software from the USB key to the hard drive. I also have a system restore point set up as per your above post.

Any suggestions before I go buy new USB keys? Help!

Edited by Sydney2K, 11 January 2007 - 08:35 AM.


#10 OldTimer

Posted 11 January 2007 - 03:48 PM

Hi Sydney2K. I have never heard of that before. It doesn't mean that it couldn't be the cause but I would doubt it. Do all the thumbdrives have different drivers? Is this an external USB hub or an internal one?

Here's something you can try: http://www.jsifaq.com/SF/Tips/Tip.aspx?id=10825

I don't know if that will solve it or not.

Let me know.

Cheers.

OT

#11 Sydney2K

Posted 12 January 2007 - 08:30 AM

No, that link didn't seem to work. It did funny stuff to my computer, and eventually I had to go back to a restore point.

In any case, after doing some Googling it doesn't seem as if this phenomenon has anything to do with cleaning up my computer- it's definitely widespread, but nothing to do with viruses, trojans or malware, so I think we can close the book on this thread. Thanks again for all your help OT. I hope I never have to meet you again! ^_~

#12 OldTimer

Posted 13 January 2007 - 09:04 AM

I'm sorry to hear that Sydney2K. Things were looking up there for a bit.

I will now close this topic. If you have any new malware related questions or issues in the future please start a new topic.

Cheers.

OT