Author Topic: Hoowah, Zeno pop-ups.. Help  (Read 1670 times)

Offline kgm7561

« on: April 06, 2006, 07:36:47 PM »
Hello Friends.

Please .. Please...  help me get rid of these pop-ups from my PC. Here is the HJT log file.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\System32\nszAF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmerlh.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINDOWS\System32\ejrwx8drl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinnraf.exe FI002
O4 - HKLM\..\RunOnce: [NetVC - restore VNIC] "C:\PROGRA~1\AT&TNE~1\\NetVC.exe" -reset att_avpnnic
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnraf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104730922140
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A90FB6E-4F47-4AE8-B26B-548CCF47C748}: SearchList = ibm.com
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINDOWS\System32\ejrwx8drl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

« Reply #1 on: April 06, 2006, 08:15:37 PM »
I need to see the whole log from Hijackthis

Can you do another Scan and save logfile with hijackthis
When the log opens
Click EDIT at the top
and then SELECT ALL
Then EDIT and select COPY
Come back here and PASTE to your reply

Also, I need to see the following information

Download FindQool by LonnyRJones

    * Extract the files and place the FindQool folder in root. Usually C:\
So you now have the folder extracted at C:\FindQool
    * Open the folder and run Qlocate.bat.
    * Post the contents of the txt.log which will open.

Download F-Secure Blacklight(blbeta.exe)
  to your C:\ drive.
So you now have C:\blbeta.exe

    * Open a command window. (Start>Run and type: cmd)
    * Copy paste or type the following in the command window:

      C:\blbeta.exe /expert

    * Accept the user agreement.
    * Click Scan.
    * After the scan finishes, click on Next, then Exit.
Do not rename any files if found by blacklight, I need to see the log

BlackLight will create a log in your C:\ drive with the name "fsbl-xxxxxxx.log". Please post that log also.

Do you want to post your own logs from FRST?

Follow the instructions posted: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kgm7561

« Reply #2 on: April 06, 2006, 09:47:28 PM »
Thanks for your help sir. Here are all the logs you requested, in order.

............Whole log from Hijackthis........................
Logfile of HijackThis v1.99.1
Scan saved at 7:28:02 PM, on 4/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\C4ebreg\isamsmt.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\system32\pwinnraf.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\cmd.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: web compressor - {23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} - C:\WINDOWS\System32\nszAF.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - C:\WINDOWS\System32\irsmerlh.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINDOWS\System32\ejrwx8drl.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinnraf.exe FI002
O4 - HKLM\..\RunOnce: [NetVC - restore VNIC] "C:\PROGRA~1\AT&TNE~1\\NetVC.exe" -reset att_avpnnic
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnraf.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O15 - Trusted Zone: *.elitemediagroup.net
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104730922140
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A90FB6E-4F47-4AE8-B26B-548CCF47C748}: SearchList = ibm.com
O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINDOWS\System32\ejrwx8drl.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: ISAM SMT Service (ISAMsmt) - IBM Global Services - C:\Program Files\C4ebreg\isamsmt.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
............Whole log from Hijackthis........................


................................FindQool Log........................................
I am getting this error in spite of doing what you suggested. I downloaded the zipped file. Created a directory FindQool under C:\ Drive. Extracted the contents of the zipped file into the folder and tried to execute Qlocate.bat both by double clicking the file and running it from command line. I get the same error in both cases. The error reads..


""This utility cannot run unless Unzipped. Press any key to exit. Please try again.

Press any key to continue . . .""
................................FindQool Log........................................




................................Blbeta Log........................................
04/06/06 19:15:03 [Info]: BlackLight Engine 1.0.35 initialized
04/06/06 19:15:03 [Info]: OS: 5.1 build 2600 (Service Pack 1)
04/06/06 19:15:03 [Note]: 7019 4
04/06/06 19:15:03 [Note]: 7005 0
04/06/06 19:15:15 [Note]: 7006 0
04/06/06 19:15:15 [Note]: 7022 0
04/06/06 19:15:15 [Note]: 7011 3912
04/06/06 19:15:15 [Note]: 7026 0
04/06/06 19:15:16 [Note]: 7026 0
04/06/06 19:15:16 [Note]: FSRAW library version 1.7.1015
04/06/06 19:23:46 [Note]: 7007 0
................................Blbeta Log........................................

Offline guestolo

« Reply #3 on: April 06, 2006, 10:34:07 PM »
It's important that I see that log from FindQool
The only way I can create your error is from trying to run Qlocate.bat from within
the zipped file
Make sure you are running from the extracted FindQool folder
Double click on MyComputer>>Local Disk C:
Find the FindQool folder and run Qlocate.bat

If that won't work
Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
Paste it to the empty Notepad file
In Notepad click FILE>>SAVE AS
Change the Save as Type to All Files.
Name the file as find.bat

Save this file on the desktop

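Code:
@echo off
rem Switch to the extracted FindQool folder (/d also changes drive if needed)
cd /d C:\findqool
rem List every file, hidden and system ones included, in all subfolders
dir /s /a > C:\findqool.txt
rem Open the listing in Notepad
notepad C:\findqool.txt
rem Delete the temporary listing afterwards
del /q C:\findqool.txt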


Double click on find.bat
A text file will open, can you copy and paste back here the contents please
« Last Edit: April 06, 2006, 10:40:12 PM by guestolo »



Offline kgm7561

« Reply #4 on: April 06, 2006, 11:25:42 PM »
Volume in drive C has no label.
 Volume Serial Number is 5CC0-9DEE

 Directory of C:\findqool

04/06/2006  09:24 PM    <DIR>          .
04/06/2006  09:24 PM    <DIR>          ..
04/06/2006  07:45 PM           174,281 FindQool.zip
04/05/2006  02:09 AM           103,424 grep.exe
04/05/2006  02:09 AM            11,254 locate.com
04/05/2006  02:09 AM            40,448 md5deep.exe
04/05/2006  02:09 AM             8,645 Qlocate.bat
04/05/2006  02:09 AM            82,944 sed.exe
04/05/2006  02:09 AM            42,496 swreg.exe
               7 File(s)        463,492 bytes

     Total Files Listed:
               7 File(s)        463,492 bytes
               2 Dir(s)  35,799,810,048 bytes free

Offline guestolo

« Reply #5 on: April 07, 2006, 12:10:29 AM »
I'm not sure what method you used to unzip Findqool.zip
But do the following please
Go into the C:\findqool folder

Delete FindQool.zip, but leave all the rest of the files in that folder
Now, inside the findqool folder
Right click an empty spot and select NEW>>Folder
Name the new folder exactly as spelled below in bold

Sub

I need you to left click these next files in the findqool folder and Drag them into the Sub folder
Which is located inside the findqool folder

grep.exe
locate.com
md5deep.exe
sed.exe
swreg.exe


DO NOT drag Qlocate.bat into the Sub folder, leave it where it is

After that is done, double click on Qlocate.bat, let it finish and post the log

===================================
What you want is the following
One FindQool folder in the C:\ folder
Inside the FindQool folder you want Qlocate.bat and the Sub folder
Inside the Sub folder you want
grep.exe
locate.com
md5deep.exe
sed.exe
swreg.exe

It won't work unless set up that way
=====================================
If it still won't work, double click on find.bat and post the new log

EDIT>>I won't be back on till tomorrow, but do the above
We'll get you clean after I know the info from findqool
« Last Edit: April 07, 2006, 12:34:10 AM by guestolo »



Offline kgm7561

« Reply #6 on: April 07, 2006, 12:40:33 AM »
It worked!!


------------------------------------------------------------------------------------
Thu 04/06/2006
Running from: C:\findqool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.
 
Checksums....
 
Files found with locate com.
C:\WINDOWS\RYYNR.DLL
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...
 
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\extensions\{4abf810a-f11d-4169-9d5f-7d274f2270a1}
HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6}
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

[-HKEY_CLASSES_ROOT\CLSID\{incert HKCR\*\shellex csdl above here if present}]
 
...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
HKCU
...
 
Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
   shell REG_SZ  Explorer.exe, C:\WINDOWS\System32\kqnin.exe
   userinit REG_SZ  C:\WINDOWS\system32\userinit.exe,umtlyow.exe
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006

------------------------------------------------------------------------------------
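
The FindQool double-check above reports the same Winlogon Shell and UserInit values as the F2 lines of the HijackThis log. The script below is an added example, not part of any post in this thread and not code from HijackThis or FindQool: it parses HijackThis entries and lists extra programs chained onto Shell/UserInit and entries marked "(file missing)". The defaults it compares against (Shell = Explorer.exe, UserInit = ...\system32\userinit.exe) and the function names are assumptions of this example, and a flagged entry is something to look into, not a verdict.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Yvakt Class - {98B9F201-C701-41F1-B338-7E5E0E6D768F} - C:\WINDOWS\System32\ejrwx8drl.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
"""

# "<section> - <body>", e.g. "F2 - REG:system.ini: Shell=..."
ENTRY = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
F2_VALUE = re.compile(
    r"REG:system\.ini:\s*(?P<key>Shell|UserInit)=(?P<value>.*)$", re.I
)
# Assumed default: userinit.exe in system32 under the Windows directory.
USERINIT_DEFAULT = re.compile(
    r"^[a-z]:\\(windows|winnt)\\system32\\userinit\.exe$", re.I
)
MISSING = "(file missing)"


def is_default(key, item):
    """True if item is the assumed stock value for the Shell or UserInit key."""
    if key == "shell":
        return item.lower() == "explorer.exe"
    return bool(USERINIT_DEFAULT.match(item))


def triage(log_text):
    """Return (section, reason, target) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue  # header lines, process list, blank lines
        section, body = m["section"], m["body"]

        # Shell/UserInit hold comma-separated programs; anything beyond the
        # default is started at every logon.
        if section == "F2":
            f2 = F2_VALUE.search(body)
            if f2:
                key = f2["key"].lower()
                for item in (p.strip() for p in f2["value"].split(",")):
                    if item and not is_default(key, item):
                        findings.append((section, f"extra {key} program", item))

        # The registry still references a file that is no longer on disk.
        if body.endswith(MISSING):
            target = body.rsplit(" - ", 1)[-1][: -len(MISSING)].rstrip()
            findings.append((section, "registered file missing", target))
    return findings


if __name__ == "__main__":
    for section, reason, target in triage(SAMPLE_LOG):
        print(f"{section:<4}{reason:<26}{target}")
```
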

Offline guestolo

« Reply #7 on: April 07, 2006, 10:28:16 PM »
Sorry for the delay
You MUST follow all the instructions as I post them
Make sure you unzip files as I ask, or else there is a chance the fixes won't work

Can you please do the following

Can you open "MyComputer"
Double click to open Local Disk C: drive
Right click an empty spot  and left click NEW>>Folder
A new folder will be placed in the C: folder , name it BFU
So you now have C:\BFU

Please download Brute Force Uninstaller
Reminder, choose SAVE rather than OPEN
Save this to the desktop
Once you have it saved to desktop
Then Extract (UNZIP) the contents to the (C:\BFU) folder you just made
So you now have C:\Bfu\bfu.exe

RIGHT CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra Remover.
Save it in the folder you made earlier (c:\BFU)
So you now have C:\Bfu\alcanshorty.bfu

==Download The Avenger by Swandog46
and save it to your Desktop.
Right click on it and Extract avenger.exe from the Zip file and save that to your desktop
DO NOT RUN THIS FROM WITHIN THE ZIP FILE
We'll need this in a bit

From the bottom of this reply box, download and save to your desktop
kgm7562.zip
EXTRACT the contents so you now have
To the C:\directory>>  C:\kgm7561.txt

Please save these instructions to a Notepad file and save it to your Desktop for reference
or Print them out!


Please disable AdWatch, as it may hinder the removal of some entries.
To disable AdWatch:
Open AdAware SE.
Go to AdWatch User Interface.
Go to Tools and Preferences.
At the bottom of the screen you will see 2 options Active and Automatic.
Active: This will turn Ad-Watch On\Off without closing it.
Automatic: Suspicious activity will be blocked automatically.
Uncheck both options. You can enable these after resolving your problem.

RESTART your Computer in SAFE MODE
You can do this by tapping the F8 key as the system is restarting, just before Windows loads
Choose Safe mode from the startup menu

In safe mode
Access your add/remove programs in control panel
and remove if found
Enhanced Ads by Zeno removal
Zeno Search Assistant removal


Remain in safe mode if any of the above are removed, even if prompted to restart

=Open the C:\BFU folder
Double click to run BFU.exe
Use the "Open Script file" button (the folder icon next to Scriptfile to execute)
Navigate to alcanshorty.bfu in the C:\BFU folder
Right click alcanshorty.bfu and choose Select
In Brute Force Uninstaller select Execute
Wait for the "complete script execution" box to pop up and press OK.
Press exit to terminate the BFU program.

Run avenger.exe by double-clicking on it.
Ensure Load Script from File: is selected
and then click the folder Icon on the right side of that section.
Then browse to C:\kgm7561.txt
Left click once to Highlight it and then click Open
To Select it
Click on the "Traffic light" icon and OK the prompt
You will be prompted to restart, OK the prompt and your PC should reboot, if not, reboot it.

Reboot back to Normal mode

When you are back in Normal mode, your icons and taskbar won't appear at first but Hijackthis will open
with Hijackthis put a check next to these entries:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe

O4 - Startup: Zeno.lnk = C:\WINDOWS\system32\pwinnraf.exe
O15 - Trusted Zone: *.elitemediagroup.net

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

O18 - Filter: text/html - {0FA7FD6B-47C3-425B-AE30-36383F1C4503} - C:\WINDOWS\System32\ejrwx8drl.dll


After you have ticked the above entries
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Your icons and taskbar will now appear

Next, do the following
==Download ATF Cleaner by Atribune.
and save it to your desktop
This program is for XP and Windows 2000 only
==========================================
Double-click ATF-Cleaner.exe to run the program.
      Under Main choose: Select All
      Click the Empty Selected button.

If you have the Firefox browser installed:
In the menu bar FireFox will be selectable
     Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you have the Opera browser installed:  
In the menu bar Opera will be selectable
      Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
=========================================

==Download and then Install
Ewido anti-malware 3.5

When installing, under "Additional Options" Uncheck
 "Install background guard" and "Install scan via context menu".

From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")

If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/

Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
  *1. Perform Action = Remove
  *2. Create Encrypted Backup in Quarantine (Recommended)
  *3. Perform action with all infections
    Then click OK
When Ewido has finished its scan click the "Save Report" button
Save the report to desktop
Exit Ewido
NOTE: When Ewido is running, don't open any other Windows

Reboot the computer one more time

Come back here and post ALL the following please

1. Post a fresh hijackthis log
2. Post the whole report from Ewido
3. Avenger would have also created a log >>>C:\avenger.txt
Please post the whole contents

EDIT>>I edited the above instructions a bit, if you have already started the fixes, it's ok
If not use the above instructions>>Thanks

Attachment removed
« Last Edit: April 09, 2006, 07:21:57 PM by guestolo »
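The entries singled out in the reply above (extra programs appended to the Winlogon Shell/UserInit values, and registrations whose file is missing) can be picked out of a HijackThis log mechanically. This is an added example, not part of the original thread or of HijackThis itself; the function names are assumptions, and the sample lines are copied from the log in this thread plus one constructed default line.

```python
import ntpath
import re

# Lines copied from the HijackThis log in this thread, plus one constructed
# default UserInit value (labelled) to show that a clean value is not flagged.
SAMPLE_LOG = r"""
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
"""

# Windows XP defaults: Shell is Explorer.exe, Userinit is userinit.exe in system32.
# Value name -> (expected file name, expected parent folder name or None).
EXPECTED = {
    "shell": ("explorer.exe", None),
    "userinit": ("userinit.exe", "system32"),
}

ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
WINLOGON_RE = re.compile(
    r"^REG:system\.ini: (?P<name>Shell|UserInit)=(?P<value>.*)$", re.IGNORECASE
)
MISSING = "(file missing)"


def is_expected(program, name, parent):
    """True if `program` is the default binary for this Winlogon value."""
    if ntpath.basename(program).lower() != name:
        return False
    folder = ntpath.dirname(program)
    # A bare file name is accepted; a full path must sit in the expected folder.
    return not folder or parent is None or ntpath.basename(folder).lower() == parent


def extra_winlogon_programs(body):
    """Return programs in a Shell/UserInit value other than the default one."""
    m = WINLOGON_RE.match(body)
    if not m:
        return []
    name, parent = EXPECTED[m.group("name").lower()]
    # Both values are comma-separated lists; every item is launched at logon.
    programs = [p.strip().strip('"') for p in m.group("value").split(",")]
    return [p for p in programs if p and not is_expected(p, name, parent)]


def triage(log_text):
    """Return (section, reason, item) tuples for entries worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header lines, running processes, blank lines
        code, body = m.group("code"), m.group("body")
        if code == "F2":
            for program in extra_winlogon_programs(body):
                findings.append((code, "winlogon-extra", program))
        if body.endswith(MISSING):
            # Registration still present although the file it points to is gone.
            path = body.rsplit(" - ", 1)[-1][: -len(MISSING)].strip()
            findings.append((code, "file-missing", path))
    return findings


if __name__ == "__main__":
    for section, reason, item in triage(SAMPLE_LOG):
        print(f"{section:<3} {reason:<15} {item}")
```

A flagged entry is a candidate for review, not a verdict: legitimate software can leave "(file missing)" registrations behind after an uninstall.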



Offline kgm7561

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
Hoowah, Zeno pop-ups.. Help
« Reply #8 on: April 08, 2006, 10:25:54 AM »
Thks. Here are the log files as you requested.



***************Hijack This Log***********
Logfile of HijackThis v1.99.1
Scan saved at 8:16:51 AM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\progra~1\c4ebreg\c4ebreg.exe
C:\WINDOWS\Explorer.EXE
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinnraf.exe FI002
O4 - HKLM\..\RunOnce: [NetVC - restore VNIC] "C:\PROGRA~1\AT&TNE~1\\NetVC.exe" -reset att_avpnnic
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\RunOnce: [NetSP - restore database] "C:\Program Files\AT&T Network Client\NetSP.exe" -show
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104730922140
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A90FB6E-4F47-4AE8-B26B-548CCF47C748}: SearchList = ibm.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\progra~1\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
***********************************


*************EWIDOS REPORT********
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         8:08:45 AM, 4/8/2006
 + Report-Checksum:      17A55E75

 + Scan result:

   :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup

Offline guestolo

Hoowah, Zeno pop-ups.. Help
« Reply #9 on: April 08, 2006, 10:38:36 AM »
Did you run ATF-Cleaner with the instructions I posted before running Ewido?
Ewido cleaned a bunch of cookies that ATF-Cleaner should have removed!

Some entries are still in your log; this is most likely due to Ad-Aware's Ad-Watch still running.
I need you to disable Ad-Watch!
Leave it disabled until we're sure you're clean.

Then
Do a "System scan only" with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe

O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinnraf.exe FI002

O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)


After you have ticked the above entries, close all other open windows
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer

Come back here and post all the following
1. Post a fresh hijackthis log

2. Post the remainder of the Ewido log, you don't have to post back entries that look like the following
:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
Those are just cookies, but I need to see the remainder of the log!

3. You didn't post the avenger log C:\avenger.txt
Please post it

4. Can you run Qlocate.bat again in the findqool folder and post the new log please
« Last Edit: April 08, 2006, 10:51:59 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
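An added example, not part of the original posts: a Python check that compares the entries marked for fixing with a later HijackThis scan, reports which ones are still present, and lists any extra values chained onto the Winlogon Shell/UserInit lines. The sample lines are copied from logs in this thread; the function names and the assumption that Windows is installed in C:\WINDOWS are choices made for this example.

```python
import re

# "<section> - <body>", e.g. "F2 - REG:system.ini: Shell=..."
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# F2 lines report the Winlogon Shell / UserInit values
F2_RE = re.compile(r"^REG:system\.ini: (Shell|UserInit)=(.*)$", re.IGNORECASE)

# Stock values on Windows XP; assumes the system root is C:\WINDOWS,
# as in the logs posted in this thread.
DEFAULTS = {
    "shell": {"explorer.exe"},
    "userinit": {r"c:\windows\system32\userinit.exe"},
}

# Entries the helper asked to have checked and fixed (from the post above).
FIX_LIST = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,umtlyow.exe
O4 - HKLM\..\Run: [BrowserUpdateSched] C:\WINDOWS\System32\pwinnraf.exe FI002
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
"""

# Excerpt of the follow-up scan posted later in the thread.
FRESH_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
"""


def entries(text):
    """Return the HijackThis entry lines in text, ignoring headers and blanks."""
    return [ln.strip() for ln in text.splitlines() if ENTRY_RE.match(ln.strip())]


def normalize(line):
    """Collapse whitespace and case so copy/paste differences do not matter."""
    return " ".join(line.split()).casefold()


def still_present(fix_list, fresh_log):
    """Entries from the fix list that appear unchanged in the newer scan."""
    seen = {normalize(ln) for ln in entries(fresh_log)}
    return [ln for ln in entries(fix_list) if normalize(ln) in seen]


def winlogon_extras(log):
    """Map Shell/UserInit to any values beyond the stock Windows default."""
    found = {}
    for line in entries(log):
        section, body = ENTRY_RE.match(line).groups()
        if section != "F2":
            continue
        m = F2_RE.match(body)
        if not m:
            continue
        key, value = m.groups()
        extras = [
            part.strip()
            for part in value.split(",")
            if part.strip() and part.strip().casefold() not in DEFAULTS[key.casefold()]
        ]
        if extras:
            found.setdefault(key, []).extend(extras)
    return found


if __name__ == "__main__":
    for line in still_present(FIX_LIST, FRESH_LOG):
        print("still present:", line)
    for key, extras in winlogon_extras(FRESH_LOG).items():
        print(f"extra {key} value(s):", ", ".join(extras))
```

An entry that survives a fix and a reboot usually means something is rewriting it, which fits the helper's request to disable Ad-Watch before fixing again.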


Offline kgm7561

Hoowah, Zeno pop-ups.. Help
« Reply #10 on: April 08, 2006, 11:42:43 PM »
Thanks for your continued help.


*************Hijack This*********************
Logfile of HijackThis v1.99.1
Scan saved at 9:26:51 PM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\progra~1\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104730922140
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A90FB6E-4F47-4AE8-B26B-548CCF47C748}: SearchList = ibm.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\progra~1\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

********************************************************



**********************Ewido Log***************************
---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:         8:08:45 AM, 4/8/2006
 + Report-Checksum:      17A55E75

 + Scan result:

   :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
   :mozilla.12:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.13:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
   :mozilla.14:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.21:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.23:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
   :mozilla.24:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.25:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8xb7vcb7.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.6:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.7:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.8:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.10:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.11:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
   :mozilla.31:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.32:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.33:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.34:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.35:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.36:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.37:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.38:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.39:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.40:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
   :mozilla.51:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.52:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.53:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.54:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.55:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.56:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.57:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.58:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.60:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.61:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.62:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
   :mozilla.64:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.65:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
   :mozilla.68:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
   :mozilla.69:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.70:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.71:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.72:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.73:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.74:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.75:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.76:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.77:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.78:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.79:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
   :mozilla.88:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.89:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.90:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.91:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.92:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
   :mozilla.93:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.94:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.95:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.96:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.97:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.98:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.99:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
   :mozilla.106:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.107:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.108:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.109:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.110:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
   :mozilla.111:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.112:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
   :mozilla.114:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.115:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.116:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.117:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup
   :mozilla.118:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.119:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.120:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
   :mozilla.129:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.130:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.131:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.132:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.133:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.134:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.135:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.137:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.138:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.139:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.140:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.141:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.142:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.143:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.144:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.145:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.146:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.147:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.148:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.149:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.150:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.151:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.152:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.153:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.154:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.155:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.156:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.157:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.158:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.159:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.160:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.161:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.162:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.163:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.164:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.165:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.166:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.167:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.168:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.169:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.170:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.171:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.172:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.173:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.174:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.175:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.176:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.177:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.178:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.179:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.232:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
   :mozilla.236:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Linksynergy : Cleaned with backup
   :mozilla.245:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.246:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.247:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.248:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
   :mozilla.272:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
   :mozilla.325:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.326:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.327:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.328:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
   :mozilla.330:C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\default.qji\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup

Offline kgm7561

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
Hoowah, Zeno pop-ups.. Help
« Reply #11 on: April 08, 2006, 11:53:48 PM »
   C:\WINDOWS\876057.exe -> Adware.Mirar : Cleaned with backup
   C:\WINDOWS\bu7dyo4f.exe -> Downloader.Small.afi : Cleaned with backup
   C:\WINDOWS\elitemediapop.exe -> Trojan.LowZones.am : Cleaned with backup
   C:\WINDOWS\JUSTIN2.exe -> Adware.EZula : Cleaned with backup
   C:\WINDOWS\system32\irismon.dll -> Adware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\irssyncd.exe -> Adware.SafeSurfing : Cleaned with backup
   C:\WINDOWS\system32\WinNB57.dll -> Adware.Mirar : Cleaned with backup
   C:\WINDOWS\ZIFI002.exe -> Adware.ZenoSearch : Cleaned with backup


::Report End
***********************************************************************




*****************************************Avenger*******************
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mkjnloqk

*******************

Script file located at: \??\C:\Documents and Settings\djiueqaq.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\RYYNR.DLL deleted successfully.
File C:\WINDOWS\system32\pwinnraf.exe deleted successfully.
File C:\WINDOWS\System32\irsmerlh.dll deleted successfully.


File C:\WINDOWS\System32\kqnin.exe not found!
Deletion of file C:\WINDOWS\System32\kqnin.exe failed!

Could not process line:
C:\WINDOWS\System32\kqnin.exe
Status: 0xc0000034



File C:\WINDOWS\System32\umtlyow.exe not found!
Deletion of file C:\WINDOWS\System32\umtlyow.exe failed!

Could not process line:
C:\WINDOWS\System32\umtlyow.exe
Status: 0xc0000034



File C:\WINDOWS\System32\ejrwx8drl.dll not found!
Deletion of file C:\WINDOWS\System32\ejrwx8drl.dll failed!

Could not process line:
C:\WINDOWS\System32\ejrwx8drl.dll
Status: 0xc0000034



File C:\WINDOWS\System32\nszAF.dll not found!
Deletion of file C:\WINDOWS\System32\nszAF.dll failed!

Could not process line:
C:\WINDOWS\System32\nszAF.dll
Status: 0xc0000034

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run|BrowserUpdateSched deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\classes\folder\shellex\columnhandlers\{ce3a44d8-bc88-4d62-a890-42d96245f8d6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23FB5ADD-DA37-4a40-9FC0-B0E2384CDE92} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{70F6A776-579A-4C95-BA88-134253907752} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70F6A776-579A-4C95-BA88-134253907752} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{98B9F201-C701-41F1-B338-7E5E0E6D768F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98B9F201-C701-41F1-B338-7E5E0E6D768F} deleted successfully.
Program C:\Program Files\Hijack this\HijackThis.exe successfully set up to run once on reboot.

Completed script processing.

*******************

Finished!  Terminate.
**************************************************************************







**************QLocate***********************************88
Sat 04/08/2006
Running from: C:\findqool
PLEASE NOTE: LEGIT FILES MIGHT BE LISTED. IF YOU ARE UNSURE OF WHAT IS LISTED LEAVE THEM ALONE.
 
Checksums....
 
Files found with locate com.
Re-check using dir /a:-d
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
...
 
[HKEY_CLASSES_ROOT\*\shellex\ContextMenuHandlers\LDVPMenu]
@="{BDA77241-42F6-11d0-85E2-00AA001FE28C}"

[-HKEY_CLASSES_ROOT\CLSID\{incert HKCR\*\shellex csdl above here if present}]
 
...
Runs, Listed here as a Doublecheck for the locate com results
HKLM
HKCU
...
 
Files In Winlogon shell and userinit
Listed here as a Doublecheck for the locate com results
   shell REG_SZ  Explorer.exe, C:\WINDOWS\System32\kqnin.exe
   userinit REG_SZ  C:\WINDOWS\SYSTEM32\Userinit.exe,
...
SWReg utility
Written by Bobbi Flekman © 2005
Findqool edited 4/05/2006
**************************************************************************
« Last Edit: April 09, 2006, 12:21:01 AM by guestolo »

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
Hoowah, Zeno pop-ups.. Help
« Reply #12 on: April 09, 2006, 12:20:03 AM »
Log off all other users on the computer
Do a "System scan only" with Hijackthis and put a check next to these entries:

F2 - REG:system.ini: Shell=Explorer.exe, C:\WINDOWS\System32\kqnin.exe


After you have ticked the above entry, close All other open windows
Including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Reboot the computer
Post back a fresh hijackthis log

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kgm7561

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
Hoowah, Zeno pop-ups.. Help
« Reply #13 on: April 09, 2006, 12:58:30 AM »
Logfile of HijackThis v1.99.1
Scan saved at 10:56:58 PM, on 4/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Drivers\trcboot.exe
C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE
C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\progra~1\c4ebreg\c4ebreg.exe
c:\sdwork\issimsvc.exe
C:\notes\ntmulti.exe
C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec AntiVirus\SavRoam.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\Drivers\ldlcserv.exe
C:\WINDOWS\System32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\System32\TpShocks.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\IBM\Personal Communications\tpam.exe
C:\progra~1\c4ebreg\isamtray.exe
C:\WINDOWS\System32\WDBtnMgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\Logi_MwX.Exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Zone Labs\Integrity Client\iclient.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w3.ibm.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://w3.ibm.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://w3.ibm.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [C4EBReg] "C:\progra~1\c4ebreg\c4ebreg.exe" /q
O4 - HKLM\..\Run: [ISSI EZUpdate Service] "c:\sdwork\issimsvc.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [stgclean] c:\sdwork\w32main2.exe /cleanup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [Tpam.exe] "C:\Program Files\IBM\Personal Communications\tpam.exe"
O4 - HKLM\..\Run: [ISAMTray] "C:\progra~1\c4ebreg\isamtray.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [QCWLIcon] C:\PROGRA~1\ThinkPad\CONNEC~1\QCWLIcon.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QcTray.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [ISAM SMT Service] "C:\Program Files\C4ebreg\isamsmt.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Integrity Client.lnk = C:\Program Files\Zone Labs\Integrity Client\iclient.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://w3.ibm.com
O16 - DPF: ST MRC ST31IF1 PMR-90722999000 - https://www-1.ibm.com/sametime/stmeetingroo...gRoomClient.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5co...b?1104730922140
O16 - DPF: {7261EE42-318E-490A-AE8F-77649DBA1ECA} (JNILoader Control) - https://www-1.ibm.com/sametime/stmeetingroo...STJNILoader.cab
O16 - DPF: {9519B2A2-6592-4E41-8290-D0298459270C} (LNWebAssist Class) - http://w3.ibm.com/bluepages/scripts/lnwebassist.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.Email Removed/downloads/aol/unagi/ampx_en_dl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A90FB6E-4F47-4AE8-B26B-548CCF47C748}: SearchList = ibm.com
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O20 - Winlogon Notify: pcsinst - C:\WINDOWS\SYSTEM32\pcsinst.dll
O20 - Winlogon Notify: QConGina - C:\WINDOWS\SYSTEM32\QConGina.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: AppnNode - IBM Corporation - C:\WINDOWS\System32\Drivers\appnnode.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: IBM Standard Asset Manager Service (ISAMSvc) - IBM Global Services - C:\progra~1\c4ebreg\c4ebreg.exe
O23 - Service: ISSI EZUpdate (ISSIMon) - IBM Global Services - c:\sdwork\issimsvc.exe
O23 - Service: IBM Enterprise Extender (ldlcserv) - IBM Corporation - C:\WINDOWS\System32\Drivers\ldlcserv.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\notes\ntmulti.exe
O23 - Service: Network Configuration Service (NetCfgSvr) - AT&T - C:\PROGRA~1\AT&TNE~1\NetCfgSv.EXE
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: IBM Trace Facility (TrcBoot) - IBM Corporation - C:\WINDOWS\System32\Drivers\trcboot.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Hoowah, Zeno pop-ups.. Help
« Reply #14 on: April 09, 2006, 01:00:07 AM »
How is everything running?
Just some final cleanup and we should be done here

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline kgm7561

  • Newbie
  • *
  • Posts: 9
  • Karma: +0/-0
    • View Profile
Hoowah, Zeno pop-ups.. Help
« Reply #15 on: April 09, 2006, 01:08:27 AM »
Much better than before. Thank you very much.

Offline guestolo

  • Site Donator
  • Administrator
  • Hero Member
  • *****
  • Posts: 16034
  • Karma: +1/-0
    • View Profile
Hoowah, Zeno pop-ups.. Help
« Reply #16 on: April 09, 2006, 01:31:28 AM »
You should do the following
Make sure no settings were changed in IE's Security settings
   1. Open Microsoft Internet Explorer.
   2. Click Tools > Internet Options.
   3. Click the Security tab.
   4. Click the Internet Icon.
   5. Click Default Level.
   6. Click the Local Intranet Icon.
   7. Click Default Level.
   8. Click the Trusted sites Icon.
   9. Click Default Level.
  10. Click the Restricted sites Icon.
  12. Click Default Level on lower right corner of the window.
  13. Click OK on lower right corner of the window.

*If everything is running better
Final Cleanup
We should clear all your restore points to ensure you don't restore any nasties that may be sitting idle
    Go to START>>RUN>>In the open field
    Type in
msconfig
Click OK
Click the "Launch System Restore" button
On the Left hand side click on "System Restore Settings"
Put a Check in "Turn off System Restore"
Apply it and OK out of there>>Reboot your computer
Back in Windows, Go back and take the check out of "Turn off system restore"
This will reenable the System Restore feature and create a new restore point

In addition to the protections you have on your computer
*Install SpywareBlaster 3.5.1 by JavaCool
    *Will block bad ActiveX Controls
    *Block Malevolent cookies in Internet Explorer and Firefox
    *Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
"Check for updates every couple of weeks"
after every update just simply click the "enable protection on all unprotected items"

*Check for updates with your anti-spyware programs and run a scan on a regular basis
I would hold onto Ewido also, it will become a limited version in a couple weeks, but it's still a very effective scanner
In addition, Open Spybot 1.4>>Click on the Immunize button>>OK>>Immunize at the top green cross
Please immunize after every update                  

*I noticed they have older versions of Java installed
Go into your add/remove programs
The latest version is
J2SE Runtime Environment 5.0 Update 6
If you have that version installed, leave it but remove older versions or updates
If you don't have that version installed
You should access the following link
http://www.java.com/en/download/manual.jsp
I find the
Windows (Offline Installation) the most reliable although it's a bigger download
Save the offline installer to desktop
Don't install it yet

Access the add/remove programs via control panel and remove
any older version or updates
Then go ahead and install the latest version, which will include security updates

Why so far behind on Windows updates?
SP2 has been out for some time now
I urge you to install it, this is very important in keeping your system secure
I would do a Disk Defragment on your harddrive beforehand, IMO, best done in safe mode
Then take a look at this link
http://www.microsoft.com/windowsxp/sp2/default.mspx
Take note at the site of the link provided:
   What to know before you download and install
It's important to regularly check for updates at Windows updates at least once a month
In addition: If you have Microsoft Office products installed
There is a link at windows updates>>OFFICE FAMILY
You should check for updates for these products too
NOTE: It's a good idea when installing SP2 to disable anti-spyware protections such as Ad-Watch
Just to be sure there is no interference
You can reenable Ad-watch afterwards

Stay safe :)
« Last Edit: April 09, 2006, 01:33:20 AM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/
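
An added example, not part of the thread and not HijackThis's own code: a small Python triage pass over HijackThis lines like those in the log above. It surfaces the entries a reviewer checks first: "(file missing)" targets, services listed with "Unknown owner", and JRE folders older than the 5.0 Update 6 named in the last reply. The sample lines are copied from this thread; the function names and flag labels are assumptions made for illustration, and a flag marks an entry for review, not as malicious.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O20 - Winlogon Notify: atmgrtok - atmgrtok.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Section code (R0, F2, O9, O23, ...) followed by " - " and the entry body.
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# JRE folders are named jre<major>.<minor>.<patch>[_<update>], e.g. jre1.5.0_06
JRE = re.compile(r"\\jre(\d+)\.(\d+)\.(\d+)(?:_(\d+))?\\", re.IGNORECASE)
MIN_JRE = (1, 5, 0, 6)  # "J2SE Runtime Environment 5.0 Update 6" from the reply


def parse(log):
    """Yield (section, body) for every well-formed HijackThis entry line."""
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def flags_for(section, body):
    """Return the review flags (hypothetical labels) that apply to one entry."""
    flags = []
    if body.endswith("(file missing)"):
        flags.append("file-missing")      # registry entry points at a file that is gone
    if section == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")     # service binary reports no company name
    m = JRE.search(body)
    if m:
        version = tuple(int(g or 0) for g in m.groups())
        if version < MIN_JRE:
            flags.append("old-jre")       # Java runtime older than the recommended update
    return flags


def triage(log):
    """Return [(section, flags, body)] for entries that carry any flag."""
    return [(s, f, b) for s, b in parse(log) if (f := flags_for(s, b))]


if __name__ == "__main__":
    for section, flags, body in triage(SAMPLE_LOG):
        print(f"{section:<4}{','.join(flags):<28}{body}")
```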